Initial commit

commit a831a9bd84160d4c0aa120e13f318d93ff737e94 0 parents
@sstephenson authored
20 LICENSE
@@ -0,0 +1,20 @@
+Copyright (c) 2011 Sam Stephenson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
55 README.md
@@ -0,0 +1,55 @@
+gosh: Security theater for piped shell scripts
+==============================================
+
+Concerned about theoretical man-in-the-middle attacks when piping
+scripts from `curl` to your shell?
+
+Enter `gosh`. It's like a TSA backscatter machine for your computer.
+Install it with RubyGems:
+
+ $ gem install gosh
+
+Then pipe it a shell script:
+
+ $ curl https://github.com/sstephenson/gosh/blob/master/hello.sh | gosh
+
+`gosh` will open the script in your `$EDITOR` where you can review it
+for any liquids, metals, explosives, or unattended baggage. If you
+accept the contents of the script, enter `YES` at the top of the file,
+save it, close it, and `gosh` will run it. Otherwise, just close the
+file and it won't be run.
+
+### Extra-secure SHA512 digest mode
+
+In addition to the interactive mode described above, `gosh` can also
+accept a SHA512 digest from the command line with the `-d` flag:
+
+ $ curl https://github.com/sstephenson/gosh/blob/master/hello.sh | gosh -d c131b1a23b0279072cfe59bca7a69fe4a41e9ad2c825ac0deacc2e836e817193b4a4f587ee4d287e960ef416718b4d2c3531716b3f343b1d129f241f79ea2c3b
+
+If the specified digest does not match the digest of the piped script,
+`gosh` will refuse to execute it.
+
+### License
+
+(The MIT License)
+
+Copyright (c) 2011 Sam Stephenson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
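Review bot: both example commands in this hunk fetch `https://github.com/sstephenson/gosh/blob/master/hello.sh`, which is GitHub's HTML file-view page rather than the script itself, so what reaches `gosh` (and, in `-d` mode, what gets hashed) would be HTML; point the examples at the raw file URL instead. In the "Extra-secure SHA512 digest mode" section, say where the digest is supposed to come from: the check only adds assurance when the SHA512 is obtained over a channel separate from the one carrying the script, since whoever can alter the script in transit can equally alter a digest published beside it.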
76 bin/gosh
@@ -0,0 +1,76 @@
+#!/usr/bin/env ruby
+
+require "tempfile"
+require "shellwords"
+require "digest/sha2"
+
+EDITOR = ENV["EDITOR"] || "vi"
+SHELL = ENV["SHELL"] || "sh"
+
+def usage
+ warn <<-EOS.strip
+gosh is security theater for piped shell scripts
+usage: curl <url> | #$0
+ curl <url> | #$0 -d <digest> # extra-secure SHA512 digest mode
+ EOS
+ exit -1
+end
+
+def confirm(script_source)
+ tempfile = Tempfile.new("FRIGHTENINGLY_DANGEROUS_SCRIPT")
+ tempfile.write <<-EOS
+
+# --- PLACE YOUR ANSWER ABOVE THIS LINE ---------------------
+#
+# Do you want to run the following script?
+#
+# To run, enter YES above, then save this file and close it.
+# If you do not want to run the script, close this file.
+#
+# -----------------------------------------------------------
+
+ EOS
+
+ tempfile.write script_source
+ tempfile.close
+
+ command = "#{Shellwords.escape(editor)} #{Shellwords.escape(tempfile.path)}"
+ system(command) or abort("error communicating with #{editor}")
+
+ source = IO.read(tempfile.path)
+ source[/\A(.*)^# --- PLACE YOUR ANSWER ABOVE THIS LINE/m, 1].strip
+end
+
+def perform(script)
+ tempfile = Tempfile.new("gosh-script")
+ tempfile.write script
+ tempfile.close
+ exec SHELL, tempfile.path
+end
+
+
+usage if $stdin.tty?
+script_source = $stdin.read
+
+
+if ARGV.length > 0
+ if ARGV[0] == "-d" && given_digest = ARGV[1]
+ actual_digest = Digest::SHA512.hexdigest(script_source)
+ if given_digest.downcase == actual_digest
+ perform(script_source)
+ else
+ warn "digest mismatch (actual is #{actual_digest}), aborting"
+ exit 1
+ end
+ else
+ usage
+ end
+else
+ answer = confirm(script_source)
+ if answer =~ /^yes$/i
+ perform(script_source)
+ else
+ warn "not running piped script"
+ exit 1
+ end
+end
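Review bot: `confirm` references an undefined local `editor` on the `command = "#{Shellwords.escape(editor)} ..."` and `abort("error communicating with #{editor}")` lines, while the constant defined at the top of the file is `EDITOR`; as written the interactive path raises NameError before the editor ever opens, so only the `-d` path can run. Three smaller points in the same function: `Shellwords.escape` on the whole `EDITOR` value turns a multi-word setting (an editor invoked with flags) into one quoted word, so `Shellwords.split(EDITOR)` passed to the array form of `system` would be safer; `source[/\A(.*)^# --- PLACE YOUR ANSWER ABOVE THIS LINE/m, 1]` returns nil if the reviewer deletes or edits the marker line, so the trailing `.strip` raises instead of refusing to run, and nil should be treated as a refusal; and `answer =~ /^yes$/i` uses line anchors, so any line of a multi-line answer matches where `\A` and `\z` were presumably intended. Finally, `exit -1` in `usage` yields status 255; `exit 1` would match the other error paths.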
12 gosh.gemspec
@@ -0,0 +1,12 @@
+Gem::Specification.new do |s|
+ s.name = "gosh"
+ s.version = "1.0.0"
+ s.authors = ["Sam Stephenson"]
+ s.email = ["sstephenson@gmail.com"]
+ s.homepage = "https://github.com/sstephenson/gosh"
+ s.summary = "Security theater for piped shell scripts"
+ s.description = "Security theater for piped shell scripts."
+ s.files = ["bin/gosh", "lib/gosh.rb"]
+ s.executables = ["gosh"]
+ s.has_rdoc = false
+end
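Review bot: `s.files` lists `lib/gosh.rb`, but that file is empty in this commit and `bin/gosh` never requires it; either drop it from the gemspec or move the script's logic into it so the gem ships something there.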
3  hello.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+echo "Hello world"
0  lib/gosh.rb
No changes.