Commit 364224c2 authored by Tong Sun's avatar Tong Sun

New upstream version 4.0.1+git20190127.699738e

parents
# let git show off diff hunk headers, help git diff -L:
# https://git-scm.com/docs/gitattributes
*.c diff=c
configure diff=nodiff
# omit from git archive
.gitattributes export-ignore
.gitignore export-ignore
.travis.yml export-ignore
# for linguist; let github identify our project as C++
/config/* linguist-vendored
/m4/* linguist-vendored
*.md linguist-documentation
shc.1 linguist-documentation
/doc/* linguist-documentation
*.html linguist-documentation
*.css linguist-vendored
*.js linguist-vendored
*.xml linguist-vendored
*.in linguist-vendored diff=nodiff
*.m4 linguist-vendored diff=nodiff
*.scan linguist-vendored
shc linguist-vendored diff=nodiff
src/.deps
src/shc
src/shc.o
*Makefile
config.status
/build
/autom4te.cache
*.scan
/img
/doc
*.bak
/.project
/.settings
*.png
*.jpg
*.log
a.out
*.x
*.x.c
dist: xenial
sudo: required
language: c
before_install:
- sudo apt-get update -q
- sudo apt install dash bash ash ksh zsh tcsh csh rc
script:
- ./autogen.sh
- ./configure
- make
- make test
Francisco Garcia <frosal@fi.upm.es>
MD. JAHIDUL HAMID <jahidulhamid@yahoo.com>
This diff is collapsed.
CHANGES
4.0.1 Tue Nov 20 08:22:20 UTC 2018
* Add LDFLAGS environment variable (Thanks to zboszor <https://github.com/zboszor>)
4.0.0 Mon Nov 12 16:54:56 UTC 2018
* Add -H option for extra security without root (Thanks to intika <https://github.com/intika>). It protects against dumping, code injection, `cat /proc/pid/cmdline`, ptrace, etc.. (only works with Bourne shell (sh) scripts with no parameter)
* Add -s option to force single process for hardening features (requires -H) <https://github.com/intika>. (only works with Bourne shell (sh) scripts with no parameter)
* dash support
3.9.8 Sat Oct 20 17:49:28 UTC 2018
* Add setuid option -S (Thanks to Boon Pang <https://github.com/wombat78>)
3.9.7 Sat Oct 20 15:25:13 UTC 2018
* Fix issue #58
3.9.6 Sat Jun 3 10:05:03 UTC 2017
* Fix issue #38
3.9.5 Wed May 31 01:35:33 UTC 2017
* Fix issue #36
3.9.4 Sat May 13 18:46:05 UTC 2017
* Fix issue #23 (debian bug #861180) (Thanks to original author Francisco Rosales <frosal@fi.upm.es>)
3.9.3 Sat Jul 30 18:46:34 BDT 2016
* zsh support
* Fix issue #13 (https://github.com/neurobin/shc/issues/13)
3.9.2 Fri Aug 21 16:12:33 BDT 2015
Added BusyBox support with patch taken from:
https://onedrive.live.com/prev?cid=18a41d08a9f3c543&id=18A41D08A9F3C543!231&authkey=!AJQ6Iah_5D3WJ60&v=TextFileEditor
as suggested by https://github.com/marcoburatto
3.9.1 Fri Apr 03 00:22:11 GMT 2015
Renamed option -T to -U and reversed it's logic.
So now, the executable prepared will execute without using sudo,
by default.
3.9.0 Wed Apr 01 08:35:22 AM GMT 2015
(http://github.com/neurobin)
Added output file option with [-o filename]
and fixed bug on make install (manual install failed)
Now you can access manual by entering command: man shc
in a terminal.
3.8.9 Wed Apr 25 09:24:25 CEST 2012
Thanks to Giacomo Picconi <giacomo.picconi@gpstudio.com> for:
- Fixing a long standing bug making the source not hidden.
3.8.8 Mon Nov 28 11:26:25 CEST 2012
"me".
3.8.7 Wed Feb 10 20:40:37 CET 2010
- Bug on 64bit systems with expiration dates.
3.8.6 Fri Jul 7 15:54:39 CEST 2006
Thanks to George Danchev <danchev@spnet.net> for:
- License clarification about the rc4 implementation.
3.8.5 Fri Oct 21 13:11:36 CEST 2005
Thanks to Jukka A. Ukkonen <jau(a)iki.fi> for:
- Fixed untraceable() problems on FreeBSD.
3.8.4 Tue Oct 4 16:52:15 CEST 2005
Thanks to Ron McOuat for:
- Fixed sma11 -d option bug.
3.8.3 Tue Jun 28 21:29:06 CEST 2005
Thanks to Jacek Kalinski <jacek@dyski.one.pl> for:
- Fixed bug: "vfork" fails on multiprocessor systems.
3.8.2 Thu Jun 16 17:15:59 CEST 2005
Thanks to Arjen Visser <arjen.visser@avisit.co.nz> for:
- Fixed bug: "rlax" used after encryption.
Thanks to Nalneesh Gaur <Nalneesh.Gaur@accenture.com> for:
- Read permision of the script.x exposes it to disassembling.
- Group and others read permision is now removed by default.
3.8 Thu Nov 4 20:33:52 CET 2004
Fixed incorrect implementation on rc4.
Hidden all the binary executable symbols but one.
Expiration date and most strings are encrypted too.
All the encrypted payload is now randomized.
3.7 Wed Jun 18 16:32:26 CEST 2003
Thanks to Philipp Koller <philipp@open.ch> for:
- Removed all strings in the compiled script.
- Improved program output and error messages.
- The -m option allows to define the *complete* expiration message.
- Updated manpage shc.1.
Thanks to Bryan <bryan.hogan@dstintl.com> for:
- Fix wrong $0 on ksh.
3.6 Fri Feb 21 09:40:32 CET 2003
Two new options:
-D switch on Debug exec calls.
-T switch off unTraceable.
Bash does not need -- after -c.
3.5 Mon Jan 20 19:08:43 CET 2003
Rewrite of large strings to silence the ISO C89 compiler
warnings about strings larger than 509 characters.
3.4 Tue Apr 16 17:43:12 CEST 2002
Remove "bad alignment" problem on AIX and other systems.
Where exists, use /proc/<pid>/as in untraceable.
3.3 Thu Jan 24 21:27:07 CET 2002
Prevent to ptrace the process.
3.2 Tue Mar 9 19:03:54 CET 1999
Find ancient pclose that must be fclose.
3.1 Tue Feb 16 21:36:59 CET 1999
Fixed a misbehavior on scripts with a in-frist-line option
equal to "end of options" (i.e. #!/bin/sh -- )
(Thanks to Bernard Blundell <blundell@lts.sel.alcatel.de>)
Stupid GCC "warning: return type of `main' is not `int'" removed.
3.0 Tue Oct 14 14:20:52 MET DST 1997
Added a new option "-r" to force a relaxed security and
so make a redistributable binary.
Modified expiration day format. Now is dd/mm/yyyy.
3.0b3 Fri Jun 6 22:09:05 WET DST 1997
Yet other few bugs fixed.
Output format simplified.
-pedantic compilation.
3.0b2 Tue Jun 3 17:51:51 GMT 1997
Some explicit type conversions removed.
Fixed the bug "END_OF_FILE" when compiling the generated code.
A flush is needed before a pclose.
st_blksize and st_blocks struct stat fields does not exist on
SCO, both not used now.
3.0b1 Wed Feb 26 14:27:22 WET 1997
The main difference with 2.4 is that in it the script was
compressed an then shuffle around, now int 3.0 the script is encripted
with an inline code, so not needend any external comand to work, and been
faster at startup. Other related adventage is that the only information
not encripted in .x.c is an stamp, expiration date and provider email
address.
Something equivalent to cheksums have been used to enforced at
execution that the executing shell has not been modified from the time
the script was compiled. If anybody tries to change the excuting shell,
.x will refuse to execute.
The generated .x.c source code is now readable.
This diff is collapsed.
AUTOMAKE_OPTIONS = subdir-objects
ACLOCAL_AMFLAGS = -I m4
SUBDIRS = src
EXTRA_DIST = autogen.sh README.md .gitattributes .gitignore .travis.yml test
dist_man_MANS = shc.1
test: check
This diff is collapsed.
README.md
[![build status image](https://travis-ci.org/neurobin/shc.svg?branch=release)](https://travis-ci.org/neurobin/shc)
[![GitHub stars](https://img.shields.io/github/stars/neurobin/shc.svg)](https://github.com/neurobin/shc/stargazers)
[![GitHub forks](https://img.shields.io/github/forks/neurobin/shc.svg)](https://github.com/neurobin/shc/network)
[![GitHub issues](https://img.shields.io/github/issues/neurobin/shc.svg)](https://github.com/neurobin/shc/issues)
# Shell Script Compiler
A generic shell script compiler. Shc takes a script, which is specified on the command line and produces C source code. The generated source code is then compiled and linked to produce a stripped binary executable.
The compiled binary will still be dependent on the shell specified in the first line of the shell code (i.e shebang) (i.e. #!/bin/sh), thus shc does not create completely independent binaries.
shc itself is not a compiler such as cc, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system compiler to compile a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shell -c option.
## Install
```bash
./configure
make
sudo make install
```
**Note** If `make` fails due to *automake* version, run `./autogen.sh` before running the above commands.
### Ubuntu-specific
```
sudo add-apt-repository ppa:neurobin/ppa
sudo apt-get update
sudo apt-get install shc
```
If the above installation method seems like too much work, then just download a compiled binary package from [release page](https://github.com/neurobin/shc/releases/latest) and copy the `shc` binary to `/usr/bin` and `shc.1` file to `/usr/share/man/man1`.
## Usage
```
shc [options]
shc -f script.sh -o binary
shc -U -f script.sh -o binary # Untraceable binary (prevent strace, ptrace etc..)
shc -H -f script.sh -o binary # Untraceable binary, does not require root (only bourne shell (sh) scripts with no parameter)
shc -H -s -f script.sh -o binary # Untraceable binary running in a singe process, does not require root (only bourne shell (sh) scripts with no parameter)
```
## The hardening flag -H
This flag is currently in an experimental state and may not work in all systems. This flag only works for **default** shell. For example, if you compile a **bash** script with `-H` flag then the resultant executable will only work in systems where the default shell is **bash**. You may change the default shell which generally is `/bin/sh` which further is just a link to another shell like bash or dash etc.
**Also `-H` does not work with positional parameters (yet)**
## Testing
```bash
./configure
make
make check
```
## Known limitations
The one (and I hope the only) limitation using shc is the _SC_ARG_MAX system configuration parameter.
It limits the maximum length of the arguments to the exec function, limiting the maximum length of the runnable script of shc.
!! - CHECK YOUR RESULTS CAREFULLY BEFORE USING - !!
## Links
1. [Man Page](http://neurobin.github.io/shc/man.html)
2. [Web Page](http://neurobin.github.io/shc)
# Contributing
If you want to make pull requests, please do so against the **master** branch. The default branch is **release** which should contain clean package files ready to be used.
If you want to edit the manual, please edit the **man.md** file (available in the master branch) instead and then generate the manual file from it with the command (requires `pandoc` to be installed):
```bash
pandoc -s man.md -t man -o shc.1
#also run this command to generate the html manual
pandoc -s man.md -t html -o man.html
```
If you change anything related to autotools, please run `./autogen.sh` afterwards.
This diff is collapsed.
#!/bin/sh
autoreconf --force --install
#! /bin/sh
# Wrapper for compilers which do not understand '-c -o'.
scriptversion=2012-10-14.11; # UTC
# Copyright (C) 1999-2014 Free Software Foundation, Inc.
# Written by Tom Tromey <tromey@cygnus.com>.
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that program.
# This file is maintained in Automake, please report
# bugs to <bug-automake@gnu.org> or send patches to
# <automake-patches@gnu.org>.
nl='
'
# We need space, tab and new line, in precisely that order. Quoting is
# there to prevent tools from complaining about whitespace usage.
IFS=" "" $nl"
file_conv=
# func_file_conv build_file lazy
# Convert a $build file to $host form and store it in $file
# Currently only supports Windows hosts. If the determined conversion
# type is listed in (the comma separated) LAZY, no conversion will
# take place.
func_file_conv ()
{
file=$1
case $file in
/ | /[!/]*) # absolute file, and not a UNC file
if test -z "$file_conv"; then
# lazily determine how to convert abs files
case `uname -s` in
MINGW*)
file_conv=mingw
;;
CYGWIN*)
file_conv=cygwin
;;
*)
file_conv=wine
;;
esac
fi
case $file_conv/,$2, in
*,$file_conv,*)
;;
mingw/*)
file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'`
;;
cygwin/*)
file=`cygpath -m "$file" || echo "$file"`
;;
wine/*)
file=`winepath -w "$file" || echo "$file"`
;;
esac
;;
esac
}
# func_cl_dashL linkdir
# Make cl look for libraries in LINKDIR
func_cl_dashL ()
{
func_file_conv "$1"
if test -z "$lib_path"; then
lib_path=$file
else
lib_path="$lib_path;$file"
fi
linker_opts="$linker_opts -LIBPATH:$file"
}
# func_cl_dashl library
# Do a library search-path lookup for cl
func_cl_dashl ()
{
lib=$1
found=no
save_IFS=$IFS
IFS=';'
for dir in $lib_path $LIB
do
IFS=$save_IFS
if $shared && test -f "$dir/$lib.dll.lib"; then
found=yes
lib=$dir/$lib.dll.lib
break
fi
if test -f "$dir/$lib.lib"; then
found=yes
lib=$dir/$lib.lib
break
fi
if test -f "$dir/lib$lib.a"; then
found=yes
lib=$dir/lib$lib.a
break
fi
done
IFS=$save_IFS
if test "$found" != yes; then
lib=$lib.lib
fi
}
# func_cl_wrapper cl arg...
# Adjust compile command to suit cl
func_cl_wrapper ()
{
# Assume a capable shell
lib_path=
shared=:
linker_opts=
for arg
do
if test -n "$eat"; then
eat=
else
case $1 in
-o)
# configure might choose to run compile as 'compile cc -o foo foo.c'.
eat=1
case $2 in
*.o | *.[oO][bB][jJ])
func_file_conv "$2"
set x "$@" -Fo"$file"
shift
;;
*)
func_file_conv "$2"
set x "$@" -Fe"$file"
shift
;;
esac
;;
-I)
eat=1
func_file_conv "$2" mingw
set x "$@" -I"$file"
shift
;;
-I*)
func_file_conv "${1#-I}" mingw
set x "$@" -I"$file"
shift
;;
-l)
eat=1
func_cl_dashl "$2"
set x "$@" "$lib"
shift
;;
-l*)
func_cl_dashl "${1#-l}"
set x "$@" "$lib"
shift
;;
-L)
eat=1
func_cl_dashL "$2"
;;
-L*)
func_cl_dashL "${1#-L}"
;;
-static)
shared=false
;;
-Wl,*)
arg=${1#-Wl,}
save_ifs="$IFS"; IFS=','
for flag in $arg; do
IFS="$save_ifs"
linker_opts="$linker_opts $flag"
done
IFS="$save_ifs"
;;
-Xlinker)
eat=1
linker_opts="$linker_opts $2"
;;
-*)
set x "$@" "$1"
shift
;;
*.cc | *.CC | *.cxx | *.CXX | *.[cC]++)
func_file_conv "$1"
set x "$@" -Tp"$file"
shift
;;
*.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO])
func_file_conv "$1" mingw
set x "$@" "$file"
shift
;;
*)
set x "$@" "$1"
shift
;;
esac
fi
shift
done
if test -n "$linker_opts"; then
linker_opts="-link$linker_opts"
fi
exec "$@" $linker_opts
exit 1
}
eat=
case $1 in
'')
echo "$0: No command. Try '$0 --help' for more information." 1>&2
exit 1;
;;
-h | --h*)
cat <<\EOF
Usage: compile [--help] [--version] PROGRAM [ARGS]
Wrapper for compilers which do not understand '-c -o'.
Remove '-o dest.o' from ARGS, run PROGRAM with the remaining
arguments, and rename the output as expected.
If you are trying to build a whole package this is not the
right script to run: please start by reading the file 'INSTALL'.
Report bugs to <bug-automake@gnu.org>.
EOF
exit $?
;;
-v | --v*)
echo "compile $scriptversion"
exit $?
;;
cl | *[/\\]cl | cl.exe | *[/\\]cl.exe )
func_cl_wrapper "$@" # Doesn't return...
;;
esac
ofile=
cfile=
for arg
do
if test -n "$eat"; then
eat=
else
case $1 in
-o)
# configure might choose to run compile as 'compile cc -o foo foo.c'.
# So we strip '-o arg' only if arg is an object.
eat=1
case $2 in
*.o | *.obj)
ofile=$2
;;
*)
set x "$@" -o "$2"
shift
;;
esac
;;
*.c)
cfile=$1
set x "$@" "$1"
shift
;;
*)
set x "$@" "$1"
shift
;;
esac
fi
shift
done
if test -z "$ofile" || test -z "$cfile"; then
# If no '-o' option was seen then we might have been invoked from a
# pattern rule where we don't need one. That is ok -- this is a
# normal compilation that the losing compiler can handle. If no
# '.c' file was seen then we are probably linking. That is also
# ok.
exec "$@"
fi
# Name of file we expect compiler to create.
cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'`
# Create the lock directory.
# Note: use '[/\\:.-]' here to ensure that we don't use the same name
# that we are using for the .o file. Also, base the name on the expected
# object file name, since that is what matters with a parallel build.
lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d
while true; do
if mkdir "$lockdir" >/dev/null 2>&1; then
break
fi
sleep 1
done
# FIXME: race condition here if user kills between mkdir and trap.
trap "rmdir '$lockdir'; exit 1" 1 2 15
# Run the compile.
"$@"
ret=$?
if test -f "$cofile"; then
test "$cofile" = "$ofile" || mv "$cofile" "$ofile"
elif test -f "${cofile}bj"; then
test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile"
fi
rmdir "$lockdir"
exit $ret
# Local Variables:
# mode: shell-script
# sh-indentation: 2
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "scriptversion="
# time-stamp-format: "%:y-%02m-%02d.%02H"
# time-stamp-time-zone: "UTC"
# time-stamp-end: "; # UTC"
# End:
This diff is collapsed.
This diff is collapsed.
#! /bin/sh
# Common wrapper for a few potentially missing GNU programs.
scriptversion=2013-10-28.13; # UTC
# Copyright (C) 1996-2014 Free Software Foundation, Inc.
# Originally written by Fran,cois Pinard <pinard@iro.umontreal.ca>, 1996.
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a