
Re: Console Setup



On Wed, May 07, 2008 at 10:23:21AM +0430, Armin ranjbar wrote:
> do you know any console based application which could replace root shell
> to allow some tasks ( configuration of ip addresses , etc ) get done by
> using menus ?

firstly to do the root stuff, you'll need sudo or similar. write wrapper
scripts to do specific tasks, and then configure sudo to let particular
users run them as root. don't trust the user input too much, just the
bare minimum needed to get the job done.

actually, don't trust user input at all - sanity check all input data,
don't use it directly for command-line args, and transform it or quote it
to make it safe. if the scripts are in perl, use taint mode - it will
warn you when your code will use unsafe/tainted data to do something
potentially dangerous. 

if they are shell scripts, you'll need to do your own taint checking,
and never use bare variable names as arguments to programs or in
if/while/case etc statements - instead, wrap them in quotes.

e.g. don't do stuff like this:

    if [ $USERDATA = "bar" ] ; then
      /bin/foo $USERDATA
    fi
    case $MOREUSERDATA in
    ...
    ...
    esac

these break if $USERDATA is null or contains more than one "word". and
anything could happen if /bin/foo is careless about using its args.


do stuff like this, instead:

    if [ "$USERDATA" = "bar" ] ; then
      /bin/foo "$USERDATA"
    fi
    case "$MOREUSERDATA" in
    ...
    ...
    esac

oh yeah, use hard-coded paths when running programs. don't trust the
user's PATH or anything else in their environment.

in general, hard-code as much as possible into the scripts, and when
writing them spend a lot of time thinking about possible ways that your
script could be abused/exploited, and then make sure that those exploits
don't work.

be very wary of running vi (or any program which lets you run other
programs) as root. instead copy the file to a temporary location, using
tempfile(1) to get a safe temp filename, invoke the user's favourite
editor as the logged in user, and then have a sudo script which copies
the edited file into place (check the return code of the editor to find
out if the user saved or quit first). the sudo copying script should
make sure permissions are correct after copying. oh yeah, checking the
file into RCS before and after editing it is a good idea - if they screw
up, you can revert to any prior version.

there's a lot of other security issues to think of. these are a reasonable
starting point. there are numerous FAQs and HOWTOs and so on available
on the net which can help get you into a properly paranoid and cautious
frame of mind.

overall: be paranoid.



once you've done that, you'll need a menu-ing program.

there are numerous programs and packages to choose from.  here's a
sample.

about 15 years ago, i set up a simple text menu system using lynx as
the front end. it can (or could at the time, dunno if it still can) run
external programs.


in more recent years, i've written stuff using libcurses-ui-perl[1]
(which does a lot more than just menus). i like it. i'll use it again.

if you can program at all, this is very easy to learn and use.


if for some reason i needed to look for something different, or more
focused on menus, i'd probably look first at pdmenu[2], or maybe
libperlmenu-perl[3] just because they're packaged already for debian.
never used them, don't know how good they are.

there are many other options.

try googling for 'curses text +console +menu' or similar.


[1] Package: libcurses-ui-perl
Priority: optional
Section: perl
Installed-Size: 852
Maintainer: Debian Perl Group <pkg-perl-maintainers@lists.alioth.debian.org>
Architecture: all
Version: 0.9603-1
Depends: libcurses-perl, libterm-readkey-perl, perl (>= 5.6.0-16)
Filename: pool/main/libc/libcurses-ui-perl/libcurses-ui-perl_0.9603-1_all.deb
Size: 239354
MD5sum: 4c91ba9a40e997c04cba996790a89693
SHA1: 0243ddcfa4e4fd7406830335fe4262f718ed7c05
SHA256: 74cea4a8caff49f7c79fb776a20694ff801ad222fa915b0b9c127e1b0c16873f
Description: curses-based OO user interface framework for Perl
 A UI framework for Perl based on the curses library.  Curses::UI contains
 the standard set of widgets for use in constructing user interfaces, plus
 the following more advanced widgets: calendar, progress bar, text editor
 (including word wrapping and undo), and text viewer.  It supports a
 variety of dialog windows, from the standard basic and error dialogs to
 file browsers, progress bars, and a calendar.  Curses::UI also has
 internationalization support and currently has localization information
 for several languages.
Homepage: http://search.cpan.org/dist/Curses-UI/
Tag: devel::lang:perl, devel::library, implemented-in::perl, interface::text-mode, role::devel-lib, role::shared-lib, uitoolkit::ncurses



[2] Package: pdmenu
Priority: optional
Section: shells
Installed-Size: 264
Maintainer: Joey Hess <joeyh@debian.org>
Architecture: amd64
Version: 1.2.93
Depends: libc6 (>= 2.6.1-1), libgpmg1 (>= 1.19.6-1), libslang2 (>= 2.0.7-1)
Suggests: menu (>= 2.1.29)
Conflicts: menu (<< 2.0.0-5)
Filename: pool/main/p/pdmenu/pdmenu_1.2.93_amd64.deb
Size: 56582
MD5sum: 538911a7cd4a40dfeb6278567c7cdf1d
SHA1: 76dcd7f75c87df42896dbb5e4a39c91da7d36e9c
SHA256: d59046d184baa66281c050fd57e823b155d0f145ebb584944d02593b42d900ac
Description: simple console menu program
 A full screen console menu program, intended to be comfortable login shell
 for inexperienced users.
 .
 Pdmenu interfaces with Debian's menu system, to provide
 automatically-generated lists of installed programs.
Tag: interface::shell, interface::text-mode, role::program, scope::utility, suite::debian, uitoolkit::ncurses, use::browsing



[3] Package: libperlmenu-perl
Priority: extra
Section: perl
Installed-Size: 220
Maintainer: Deepak Tripathi <apenguinlinux@gmail.com>
Architecture: all
Version: 4.0-5
Replaces: perlmenu
Depends: perl (>= 5.6.0-16), libcurses-perl
Conflicts: perlmenu
Filename: pool/main/libp/libperlmenu-perl/libperlmenu-perl_4.0-5_all.deb
Size: 84292
MD5sum: 46a55e52acf61e739c4089f28f0b66ac
SHA1: 62faa7c696e0063fd03914b1d3fe6108a87bb3ab
SHA256: a92d54c005ef118bb15ea4dada6e55a03a4fd8c1c329e98fd50a82709dda8837
Description: Menu and Template (curses-based) UI for Perl
 perlmenu is a Perl module that provides your application
 with access to easy-to-use functions for templates,
 menus, forms, and the like -- everything needed
 to put a slick UI on a program without resorting to
 a GUI.
 .
  Homepage: http://search.cpan.org/~skunz/perlmenu/
Tag: devel::lang:perl, implemented-in::perl, role::shared-lib


craig

-- 
craig sanders <cas@taz.net.au>

There are two types of Linux developers - those who can spell, and
those who can't.  There is a constant pitched battle between the two.
		-- From one of the post-1.1.54 kernel update messages posted to c.o.l.a
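
The wrapper-script advice in the message above (sanity-check all input, quote every expansion, hard-code program paths, ignore the caller's environment), as an added example that is not part of the original post. The interface allow-list, the /sbin/ip location and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): a wrapper meant to be the only
# command a menu user may run via sudo. Names and paths are assumptions.

PATH=/usr/sbin:/usr/bin:/sbin:/bin; export PATH   # ignore the caller's PATH
IP_CMD=/sbin/ip                # hard-coded program path (assumed location)
ALLOWED_IFACES="eth0 eth1"     # hypothetical allow-list
RUNNER=                        # assigned here so the environment cannot set it;
                               # change to "echo" for a dry run

valid_iface() {                # exact match against the allow-list only
    for i in $ALLOWED_IFACES; do
        [ "$1" = "$i" ] && return 0
    done
    return 1
}

valid_ipv4() {                 # four decimal octets, 0-255, nothing else
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                  # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in
            ????*|0?*) return 1 ;;   # too long, or leading zero
        esac
        [ "$o" -le 255 ] || return 1
    done
}

valid_prefix() {               # CIDR prefix length 1-32
    case "$1" in
        ''|*[!0-9]*|???*|0*) return 1 ;;
    esac
    [ "$1" -le 32 ]
}

set_address() {                # arguments: IFACE ADDR PREFIX
    [ "$#" -eq 3 ]    || { echo "usage: IFACE ADDR PREFIX" >&2; return 2; }
    valid_iface "$1"  || { echo "interface not allowed" >&2; return 1; }
    valid_ipv4 "$2"   || { echo "bad IPv4 address" >&2; return 1; }
    valid_prefix "$3" || { echo "bad prefix length" >&2; return 1; }
    $RUNNER "$IP_CMD" addr add "$2/$3" dev "$1"
}

if [ "$#" -gt 0 ]; then set_address "$@"; fi
```

Every value that reaches the privileged command has first matched a strict pattern or an allow-list entry, so shell metacharacters, extra words and empty strings are rejected before anything runs as root.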

