Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with
or
.
Download ZIP
a signature verifying command interpreter
Shell Perl Makefile
Branch: master

2015-02-10:

 * merge changes from Y!:
   * change '-c' to '-f', since login shells might get invoked with '-c',
     which opens up the possibility of allowing a user to provide their
     own certificate via 'ssh host -- /dev/tty'
   * correct error reporting, since verifyArgs() is executed in a subshell
   * quote args to verifyArgs
latest commit e0a029591f
@jschauma authored
Failed to load latest commit information.
certs Initial import from Yahoo!
doc 2015-02-10:
src
test 2015-02-10:
CHANGES 2015-02-10:
LICENSE Initial import from Yahoo!
README Initial import from Yahoo!

README

sigsh is a non-interactive, signature requiring and verifying command
interpreter. More accurately, it is a signature verification wrapper
around a given shell. It reads input in PKCS#7 format from standard in,
verifies the signature and, if the signature matches, pipes the decoded
input into the command interpreter.

Related:
	NetBSD's Veriexec
	MS Powershell ExecutionPolicy
	OpenBSD's "Stephanie" / TPE
		http://packetfactory.openwall.net/projects/stephanie/index.html
	Linux Trusted Path Execution
Something went wrong with that request. Please try again.