diff --git a/.gitignore b/.gitignore index 9f8ef3b..932c99e 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,8 @@ +src/.deps +src/shc +src/shc.o +*Makefile +config.status /build /autom4te.cache *.scan diff --git a/README.md b/README.md index 8b99c26..f25c121 100644 --- a/README.md +++ b/README.md @@ -55,7 +55,7 @@ make make check ``` -## Known bugs +## Known limitations The one (and I hope the only) limitation using shc is the _SC_ARG_MAX system configuration parameter. It limits the maximum length of the arguments to the exec function, limiting the maximum length of the runnable script of shc. diff --git a/shc.1 b/shc.1 index 8526b91..935e924 100644 --- a/shc.1 +++ b/shc.1 @@ -1,7 +1,4 @@ -.\" Automatically generated by Pandoc 1.19.2.4 -.\" -.TH "shc" "1" "November 20, 2018" "shc user manual" "" -.hy +.TH "shc" "1" "January 14, 2019" "shc user manual" "" .SH NAME .PP shc \- Generic shell script compiler 
@@ -51,130 +48,69 @@ modification or inspection. You can use it if you wish to distribute your scripts but don\[aq]t want them to be easily readable by other people. .SH OPTIONS -.TP -.B \-e \f[I]date\f[] -Expiration date in \f[I]dd/mm/yyyy\f[] format \f[C][none]\f[] -.RS -.RE -.TP -.B \-m \f[I]message\f[] -message to display upon expiration +.PP +\-e \f[I]date\f[] : Expiration date in \f[I]dd/mm/yyyy\f[] format +\f[C][none]\f[] +.PP +\-m \f[I]message\f[] : message to display upon expiration \f[C]["Please\ contact\ your\ provider"]\f[] -.RS -.RE -.TP -.B \-f \f[I]script_name\f[] -File path of the script to compile -.RS -.RE -.TP -.B \-i \f[I]inline_option\f[] -Inline option for the shell interpreter i.e: \f[C]\-e\f[] -.RS -.RE -.TP -.B \-x \f[I]command\f[] -eXec command, as a printf format i.e: +.PP +\-f \f[I]script_name\f[] : File path of the script to compile +.PP +\-i \f[I]inline_option\f[] : Inline option for the shell interpreter +i.e: \f[C]\-e\f[] +.PP +\-x \f[I]command\f[] : eXec command, as a printf format i.e: \f[C]exec(\\\\\[aq]%s\\\\\[aq],\@ARGV);\f[] -.RS -.RE -.TP -.B \-l \f[I]last_option\f[] -Last shell option i.e: \f[C]\-\-\f[] -.RS -.RE -.TP -.B \-o \f[I]outfile\f[] -output to the file specified by outfile -.RS -.RE -.TP -.B \-r -Relax security. +.PP +\-l \f[I]last_option\f[] : Last shell option i.e: \f[C]\-\-\f[] +.PP +\-o \f[I]outfile\f[] : output to the file specified by outfile +.PP +\-r : Relax security. Make a redistributable binary which executes on different systems running the same operating system. You can release your binary with this option for others to use -.RS -.RE -.TP -.B \-v -Verbose compilation -.RS -.RE -.TP -.B \-S -Switch ON setuid for root callable programs [OFF] -.RS -.RE -.TP -.B \-D -Switch on debug exec calls -.RS -.RE -.TP -.B \-U -Make binary to be untraceable (using \f[I]strace\f[], \f[I]ptrace\f[], -\f[I]truss\f[], etc.) -.RS -.RE -.TP -.B \-H -Hardening. 
+.PP +\-v : Verbose compilation +.PP +\-S : Switch ON setuid for root callable programs [OFF] +.PP +\-D : Switch on debug exec calls +.PP +\-U : Make binary to be untraceable (using \f[I]strace\f[], +\f[I]ptrace\f[], \f[I]truss\f[], etc.) +.PP +\-H : Hardening. Extra security flag without root access requirement that protects against dumping, code injection, \f[C]cat\ /proc/pid/cmdline\f[], ptrace, etc.. This feature is \f[B]experimental\f[] and may not work on all systems. This option currently only works with Bourne shell (sh) scripts without any positional parameters. -.RS -.RE -.TP -.B \-s -Hardening with single process. +.PP +\-s : Hardening with single process. Requires \-H option, runs the binary in a single process, shell is called in the main process otherwise its called in a child process. This feature is \f[B]experimental\f[] (may hang) and may not work on all systems. This option currently only works with Bourne shell (sh) scripts without any positional parameters. -.RS -.RE -.TP -.B \-C -Display license and exit -.RS -.RE -.TP -.B \-A -Display abstract and exit -.RS -.RE -.TP -.B \-B -Compile for BusyBox -.RS -.RE -.TP -.B \-h -Display help and exit -.RS -.RE +.PP +\-C : Display license and exit +.PP +\-A : Display abstract and exit +.PP +\-B : Compile for BusyBox +.PP +\-h : Display help and exit .SH ENVIRONMENT VARIABLES -.TP -.B CC -C compiler command \f[C][cc]\f[] -.RS -.RE -.TP -.B CFLAGS -C compiler flags \f[C][none]\f[] -.RS -.RE -.TP -.B LDFLAGS -Linker flags \f[C][none]\f[] -.RS -.RE +.PP +CC : C compiler command \f[C][cc]\f[] +.PP +CFLAGS : C compiler flags \f[C][none]\f[] +.PP +LDFLAGS : Linker flags \f[C][none]\f[] .SH EXAMPLES .PP Compile a script which can be run on other systems with the trace option 
@@ -202,7 +138,7 @@ Compile an untraceable binary that doesn\[aq]t require root access shc\ \-Hf\ myscript\ \-o\ mybinary \f[] .fi -.SH BUGS +.SH LIMITATIONS .PP The maximum size of the script that could be executed once compiled is limited by the operating system configuration parameter
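Review bot: in the `.gitignore` hunk, `*Makefile` is unanchored and matches any path ending in "Makefile" at every directory level, so a hand-written Makefile added later would be ignored without warning and never committed. If the intent is to ignore only the files that configure generates, list those paths explicitly and anchor them with a leading `/`, the way the existing `/build` and `/autom4te.cache` entries are; `config.status` would benefit from the same anchoring.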
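Review bot: in the first `shc.1` hunk (`@@ -1,7 +1,4 @@`), the `.\" Automatically generated by Pandoc 1.19.2.4` comment is removed while the rest of the page still carries generator-style markup such as `\f[I]...\f[]` and `\[aq]`. If the page is still produced from a source file, keep a generated-by comment so that nobody edits `shc.1` by hand and loses the change on the next regeneration; if it is now maintained by hand, the commit message should say so. The dropped `.hy` request is not explained either.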
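Review bot: in the `shc.1` OPTIONS and ENVIRONMENT VARIABLES hunk (`@@ -51,130 +48,69 @@`), every `.TP` / `.B` tagged entry is replaced by a plain `.PP` paragraph with a literal " : " separator, for example `\-e \f[I]date\f[] : Expiration date in ...`, so the rendered page loses the bold option names and the hanging indent. That reads like definition-list markup the converter did not recognise rather than an intended change, and it makes the security-relevant switches (`\-r`, `\-S`, `\-U`, `\-H`, `\-s`) harder to pick out from their descriptions. Regenerate with definition lists parsed, or keep the `.TP` form for these entries.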
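Review bot: in the last `shc.1` hunk (`@@ -202,7 +138,7 @@`), `.SH LIMITATIONS` replaces `.SH BUGS`, which is the conventional man-page section name that readers look for. The rename matches the README change from "Known bugs" to "Known limitations", but for the man page consider keeping the standard heading and letting the text underneath describe the script-size constraint as a limitation.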