7 Apr 2024 |
azizLIGHT | In reply to @tom_io:matrix.org Oh sorry, I used $(< "/path") without explanation. It's just a shorter built-in form of $(cat "/path") . I guess technically it's a bashism, also works in Zsh though. that's neat. thank you. i didn't know that either | 09:00:41 |
TomIO | It's only mentioned in passing on the man page.
~~As so many neat features are~~
https://www.man7.org/linux/man-pages/man1/bash.1.html#EXPANSION:~:text=%24(%3C%20file) | 09:03:28 |
azizLIGHT | oh it's also faster | 09:04:16 |
TomIO | By virtue of not having to call out to the external cat program. | 09:04:42 |
TomIO | The difference rarely matters, but is good to know about. | 09:05:01 |
iam_tj | I had that warned from shellcheck yesterday (using cat where just < would do) but it got it wrong since I was (intending) to do $( cat something || log_error ) ... then later I realised I'd typoed and written $( cat something | log_error ) 😄 | 09:39:37 |
TomIO | In reply to @iam_tj:matrix.org I had that warned from shellcheck yesterday (using cat where just < would do) but it got it wrong since I was (intending) to do $( cat something || log_error ) ... then later I realised I'd typoed and written $( cat something | log_error ) 😄 Oh I didn't know shellcheck actually recommends using $(<) , is that new in 0.10? | 09:58:22 |
iam_tj | no idea when it was added but I have v0.9.0 | 10:15:22 |
TomIO | hmm | 10:21:29 |
8 Apr 2024 |
Ulfnic | TomIO azizLIGHT: just a security note, i'd recommend only using stdin for passing keys to oathtool because params of non-bash built-ins (like oathtool ) leak to all running processes through /proc/$$/cmdline , worth noting variables also leak through /proc/$$/environ
To avoid that leak you can enter a key interactively like this: (credit to ormaaj's help)
printf '%s' 'Enter key and press ENTER: '
head -n1 | oathtool -b --totp -
Use files like this:
cat my_key | oathtool -b --totp -
oathtool -b --totp - < my_key
Or if it's a BASH script so it won't leak to .bash_history and it's permissioned securely, you can use a BASH built-in like printf , echo or a herestring for hardcoded values, ex:
printf '%s\n' 'abcde' | oathtool -b --totp -
echo 'abcde' | oathtool -b --totp -
oathtool -b --totp - <<< 'abcde'
| 20:29:35 |
Ulfnic | Using Tom's code, that'd be:
2fa() {
oathtool -b --totp - < "$1"
}
2fa 'path/to/my/key'
| 20:32:38 |
azizLIGHT | Thanks I will experiment with this tonight | 20:36:14 |
Ulfnic | BASH is a gorgeous language, just a few tricky bits here and there :P | 20:37:28 |
Ulfnic | Also that leak applies to all shells that i'm aware as far as they work with that side of UNIX-like systems so it's not a BASH specific problem. | 20:41:49 |
Ulfnic | * Also that leak applies to all shells that i'm aware of as far as they work with that side of UNIX-like systems so it's not a BASH specific problem. | 20:42:00 |
bkil | https://thejh.net/misc/website-terminal-copy-paste https://www.ush.it/team/ascii/hack-tricks_253C_CCC2008/wysinwyc/what_you_see_is_not_what_you_copy.txt https://reddit.com/r/netsec/comments/1bv359/dont_copypaste_from_website_to_terminal_demo/ https://news.ycombinator.com/item?id=5508225
Don't Copy-Paste from Website to Terminal User iteraction based exploitation: WYSINWYC (What you see is not what you copy)
| 20:51:18 |
TomIO | In reply to @ulfnic:matrix.org
TomIO azizLIGHT: just a security note, i'd recommend only using stdin for passing keys to oathtool because params of non-bash built-ins (like oathtool ) leak to all running processes through /proc/$$/cmdline , worth noting variables also leak through /proc/$$/environ
To avoid that leak you can enter a key interactively like this: (credit to ormaaj's help)
printf '%s' 'Enter key and press ENTER: '
head -n1 | oathtool -b --totp -
Use files like this:
cat my_key | oathtool -b --totp -
oathtool -b --totp - < my_key
Or if it's a BASH script so it won't leak to .bash_history and it's permissioned securely, you can use a BASH built-in like printf , echo or a herestring for hardcoded values, ex:
printf '%s\n' 'abcde' | oathtool -b --totp -
echo 'abcde' | oathtool -b --totp -
oathtool -b --totp - <<< 'abcde'
Good thing to note. | 22:19:46 |
9 Apr 2024 |
Ulfnic | <- ::pretends like he knew that a long time:: | 10:20:48 |
11 Apr 2024 |
scorpion2185 | https://superuser.com/questions/137438/how-to-unlimited-bash-shell-history | 17:32:22 |
scorpion2185 | export HISTFILESIZE=
export HISTSIZE=
for bash eternal history? | 17:32:41 |
TomIO | In reply to @scorpion2185:matrix.org
export HISTFILESIZE=
export HISTSIZE=
for bash eternal history?
Set it to a negative value if you want infinite. Here are the relevant sections of man 1 bash
HISTFILESIZE
The maximum number of lines contained in the history file. When
this variable is assigned a value, the history file is
truncated, if necessary, to contain no more than that number of
lines by removing the oldest entries. The history file is also
truncated to this size after writing it when a shell exits. If
the value is 0, the history file is truncated to zero size.
Non-numeric values and numeric values less than zero inhibit
truncation. The shell sets the default value to the value of
HISTSIZE after reading any startup files.
HISTSIZE
The number of commands to remember in the command history (see
HISTORY below). If the value is 0, commands are not saved in
the history list. Numeric values less than zero result in every
command being saved on the history list (there is no limit).
The shell sets the default value to 500 after reading any
startup files.
| 17:42:51 |
scorpion2185 | https://bbs.archlinux.org/viewtopic.php?pid=2146951#p2146951 | 17:46:17 |
scorpion2185 | i keep having these tmp files | 17:46:30 |
scorpion2185 | ls -1 .bash_history*
.bash_history
.bash_history-03581.tmp
.bash_history-07616.tmp
.bash_history-08765.tmp
| 17:46:47 |
16 Apr 2024 |
iam_tj | I have a really strange issue with a variable in a bash here-doc not being unset, or accepting another value, and I cannot see why not. It's a script to demo IPSec config; as part of it I set ID to a group of values prior to each ip xfrm command. For 2 ip xfrm state add ... commands the src and dst options swap values. However, when monitoring the script with set -x it shows the value of ID not having changed for the 2nd command which then fails.
+ ID='dst 2001:db8:1000::0 src 2001:db8:1000::1 proto esp spi 0xFFFFFFFF'
+ echo 'dst 2001:db8:1000::1 src 2001:db8:1000::0 proto esp spi 0xFFFFFFFF'
dst 2001:db8:1000::1 src 2001:db8:1000::0 proto esp spi 0xFFFFFFFF
+ ip -netns ipsec-router0 xfrm state add dst 2001:db8:1000::1 src 2001:db8:1000::0 proto esp spi 0xFFFFFFFF mode tunnel auth sha256 0x0123456789ABCDEF0123456789ABCDEF enc aes 0xFEDCBA9876543210FEDCBA9876543210
+ unset ID
+ ID='src 2001:db8:1000::0 dst 2001:db8:1000::1 proto esp spi 0xFFFFFFFF'
+ echo 'dst 2001:db8:1000::1 src 2001:db8:1000::0 proto esp spi 0xFFFFFFFF'
dst 2001:db8:1000::1 src 2001:db8:1000::0 proto esp spi 0xFFFFFFFF
+ ip -netns ipsec-router0 xfrm state add dst 2001:db8:1000::1 src 2001:db8:1000::0 proto esp spi 0xFFFFFFFF mode tunnel auth sha256 0x0123456789ABCDEF0123456789ABCDEF enc aes 0xFEDCBA9876543210FEDCBA9876543210
RTNETLINK answers: File exists
The script that experiences this is:
# Security Associations
ID="dst ${ipv6_prefix}::0 src ${ipv6_prefix}::1 proto esp spi $ipsec_policy"
echo "$ID"
ip -netns "ipsec-router${r}" xfrm state add $ID mode "tunnel" auth "sha256" "$ipsec_key_auth" enc "aes" "$ipsec_key_enc"
unset ID
ID="src ${ipv6_prefix}::0 dst ${ipv6_prefix}::1 proto esp spi $ipsec_policy"
echo "$ID"
ip -netns "ipsec-router${r}" xfrm state add $ID mode "tunnel" auth "sha256" "$ipsec_key_auth" enc "aes" "$ipsec_key_enc"
| 14:52:13 |
iam_tj | Can anyone spot something I'm missing here!? | 14:52:48 |
bkil | Works here. Could you perhaps share the whole script? I have a feeling you also have another variable named ID in an outer scope and when you unset ID, it only unsets the one in the inner scope. | 14:57:13 |