一個小標(biāo)點引發(fā)一串匪夷所思的問題........

wwr

今天在寫有關(guān)通過shadow文件確定賬號是否符合安全標(biāo)準(zhǔn)的腳本：檢查賬戶有效期、檢查賬戶是否設(shè)置密碼等等。
首先看看這個檢查賬戶有效期的腳本，主要是截取shadow文件第八段，判斷賬戶的過期時間，并echo警告信息。

1.         while IFS=: read -r f1 f2 f3 f4 f5 f6 f7 f8
   
2.           do
   
3.           if [ ! -z $f8 ]
   
4.           then
   
5.         expd="`date -d "1970-01-01+$f8 day" '+%Y-%m-%d'`"
   
6.         echo -e "$ATT The account: $f1 will expried at $expd. Please contact your administrator!"
   
7.         else echo -e "Checking account $f1 expire date.                $OK"
   
8.         fi
   
9.         done</etc/shadow
   

復(fù)制代碼

我們來執(zhí)行一下

1. [root@butter ~]# ./secure.sh
   
2. ........
   
3. Checking account gopher expire date.            [  OK  ]
   
4. ***Attention***    The account: john will expried at 2013-03-04. Please contact your administrator!
   
5. Checking account nobody expire date.            [  OK  ]
   
6. .....
   
7. [root@butter ~]# cat /etc/shadow|grep john
   
8. john:$6$hX2SaZv8$TZbICUPboyu2XmVVgYOfDFqvR7sKJeD0N5D2pvmxo3H8bmVl8eCroOLcJYEw6.uvkfQwgg/8b2wV1dvszi79a.:15708:0:99999:7::15768:
   

復(fù)制代碼

一切順利，只要對這個賬戶設(shè)定的密碼過期時間，他都能準(zhǔn)確的根據(jù)第八段時間計算出過期時間。

接著我們來檢查賬戶是否設(shè)置密碼。其實和上面的腳本幾乎一樣，唯一改變的是替換成第二字段，只要第二字段不為空我們就認(rèn)為他是有密碼的。腳本內(nèi)容如下

1.         while IFS=: read -r f1 f2 f3 f4 f5 f6 f7 f8
   
2.           do
   
3.           if [ -z $f2 ]
   
4.           then
   
5.         echo -e "$WAR The account: $f1 has empty password! Please contact your administrator!"
   
6.         fi
   
7.         else -e "Checking whether the  account $1 has set a password         $OK"
   
8.         done</etc/shadow
   

復(fù)制代碼

結(jié)果執(zhí)行之后離奇的出現(xiàn)錯誤

1. ./secure.sh: line 4: [: too many arguments

復(fù)制代碼

腳本內(nèi)容完全是參照檢查賬戶有效期的那個來修改的，而且沒有任何錯別字。但就是無法解釋。
我試圖讓腳本不進(jìn)行判斷，只輸出$f2的內(nèi)容：

1. [root@butter ~]# cat secure.sh
   
2. while IFS=: read -r f1 f2 f3 f4 f5 f6 f7 f8
   
3. do
   
4. echo $f2
   
5. done</etc/shadow
   
6. [root@butter ~]# ./secure.sh
   
7. $2y$10$ULX4kt.sVMbsjg0bBwj8FuCF9Exy2GzxnpgbCOZLf.Jtj5FQ7.DjC
   
8. ALL_LINE Desktop Documents FLAG UNIQ_LINE autoinst.xml bin inst-sys passwd passwd2 secure.sh st
   
9. ALL_LINE Desktop Documents FLAG UNIQ_LINE autoinst.xml bin inst-sys passwd passwd2 secure.sh st
   
10. ALL_LINE Desktop Documents FLAG UNIQ_LINE autoinst.xml bin inst-sys passwd passwd2 secure.sh st
    
11. ALL_LINE Desktop Documents FLAG UNIQ_LINE autoinst.xml bin inst-sys passwd passwd2 secure.sh st
    
12. .............
    

復(fù)制代碼

除了第一行顯示正常的密碼字段以外其余的全是奇怪的內(nèi)容……

后來我又檢查了一下/etc/shadow文件：

1. [root@butter ~]# cat /etc/shadow
   
2. root:$2y$10$ULX4kt.sVMbsjg0bBwj8FuCF9Exy2GzxnpgbCOZLf.Jtj5FQ7.DjC:15705::::::
   
3. bin:*:15385::::::
   
4. daemon:*:15385::::::
   
5. lp:*:15385::::::
   
6. mail:*:15385::::::
   
7. news:*:15385::::::
   
8. uucp:*:15385::::::
   
9. games:*:15385::::::
   
10. man:*:15385::::::
    

復(fù)制代碼

仿佛發(fā)現(xiàn)了些什么…………



原來，系統(tǒng)默認(rèn)賬戶下的第二字段是星號，表示賬戶無法登錄。
而在腳本中，星號又是一個通配符，剛才通過echo看到的一串奇怪的內(nèi)容其實是我當(dāng)前目錄下的文件，你現(xiàn)在也可以試試"echo *"輸出結(jié)果等于"ls"。
恍然大悟了吧！立馬重新修改腳本，把剛才判斷語句中的$f2給加個雙引號。再跑一下。
Bravo！成功了！

1. 
   
2. [root@butter ~]# cat secure.sh
   
3.         while IFS=: read -r f1 f2 f3 f4 f5 f6 f7 f8
   
4.         do
   
5.         if [ -z "$f2" ]
   
6.         then
   
7.         echo -e "$WAR The account: $f1 has empty password! Please contact your administrator!"
   
8.         else echo -e "Checking the  account $1 has set a password      $OK"
   
9.         fi
   
10.         done</etc/shadow
    
11. [root@butter ~]# ./secure.sh
    
12. Checking the  account  root has set a password       [  OK  ]
    
13. ..........
    
14. ***Warning***    The account: tom has empty password! Please contact your administrator!
    
15. ........
    
16. [root@butter ~]# cat /etc/shadow|grep tom
    
17. tom::15708:0:99999:7:::
    

復(fù)制代碼

blackold

真的很神奇，還有隱藏內(nèi)容。

yinyuemi

最匪夷所思的是





























還要回復(fù)可見

waker

最匪夷所思的是shell也能產(chǎn)生匪夷所思的問題

aqbssh

回復(fù) 1# wwr


  是不是發(fā)現(xiàn)了什么bug ?

murdercool

回復(fù)可見什么情況

reyleon

第一次在shell板塊看到有隱藏內(nèi)容的 果然很神奇

huangyu_945

我想看看下面是怎么回復(fù)的

刺客阿地

奇怪的事情發(fā)生了。。。俺來看大牛解答!

Shell_HAT

http://catb.org/~esr/faqs/smart-questions.html

Don't rush to claim that you have found a bug

When you are having problems with a piece of software, don't claim you have found a bug unless you are very, very sure of your ground. Hint: unless you can provide a source-code patch that fixes the problem, or a regression test against a previous version that demonstrates incorrect behavior, you are probably not sure enough. This applies to webpages and documentation, too; if you have found a documentation “bug”, you should supply replacement text and which pages it should go on.

Remember, there are many other users that are not experiencing your problem. Otherwise you would have learned about it while reading the documentation and searching the Web (you did do that before complaining, didn't you?). This means that very probably it is you who are doing something wrong, not the software.

The people who wrote the software work very hard to make it work as well as possible. If you claim you have found a bug, you'll be impugning their competence, which may offend some of them even if you are correct. It's especially undiplomatic to yell “bug” in the Subject line.

When asking your question, it is best to write as though you assume you are doing something wrong, even if you are privately pretty sure you have found an actual bug. If there really is a bug, you will hear about it in the answer. Play it so the maintainers will want to apologize to you if the bug is real, rather than so that you will owe them an apology if you have messed up.

@aqbssh