Home/ Questions/Q 166689
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-11T12:08:31+00:00

Update2: Thanks for the input. I have implemented the algorithm and it is available

  • 0

Update2:

Thanks for the input. I have implemented the algorithm and it is available for download at SourceForge. It is my first open source project so be merciful.

Update:

I am not sure I was clear enough or everyone responding to this understands how shells consume #! type of input. A great book to look at is Advanced Unix Programming. It is sufficient to call popen and feed its standard input as demonstrated here.

Original Question:

Our scripts run in highly distributed environment with many users. Using permissions to hide them is problematic for many reasons.

Since the first line can be used to designate the ‘interpreter’ for a script the initial line can be used to define a a decrypter 

#!/bin/decryptandrun *(&(*S&DF(*SD(F*SDJKFHSKJDFHLKJHASDJHALSKJD SDASDJKAHSDUAS(DA(S*D&(ASDAKLSDHASD*(&A*SD&AS ASD(*A&SD(*&AS(D*&AS(*D&A(SD&*(A*S&D(A*&DS

Given that I can write the script to encrypt and place the appropriate header I want to decrypt the script (which itself may have an interpreter line such as #!/bin/perl at the top of it) without doing anything dumb like writing it out to a temporary file. I have found some silly commercial products to do this. I think this could be accomplished in a matter of hours. Is there a well known method to do this with pipes rather than coding the system calls? I was thinking of using execvp but is it better to replace the current process or to create a child process?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. If your users can execute the decryptandrun program, then they can read it (and any files it needs to read such as decryption keys). So they can just extract the code to decrypt the scripts themselves.

    You could work around this by making the decrtyptandrun suid. But then any bug in it could lead to the user getting root privileges (or at least privileges to the account that holds the decryption keys). So that’s probably not a good idea. And of course, if you’ve gone to all the trouble of hiding the contents or keys of these decryption scripts by making them not readable to the user… then why can’t you do the same with the contents of the scripts you’re trying to hide?

    Also, you can’t have a #! interpreted executable as an interpreter for another #! interpreted executable.

    And one of the fundamental rules of cryptography is, don’t invent your own encryption algorithm (or tools) unless you’re an experienced cryptanalyst.

    Which leads me to wonder why you feel the need to encrypt scripts that your users will be running. Is there anything wrong with them seeing the contents of the scripts?

    • 0