Skip to content

Commit d5d1b89

Browse files
authored
Merge pull request #70 from mathieu-aubin/master
Master
2 parents e86b16c + c868244 commit d5d1b89

File tree

5 files changed

+108
-222
lines changed

5 files changed

+108
-222
lines changed

.gitignore

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,8 @@
1+
src/.deps
2+
src/shc
3+
src/shc.o
4+
*Makefile
5+
config.status
16
/build
27
/autom4te.cache
38
*.scan

README.md

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -55,7 +55,7 @@ make
5555
make check
5656
```
5757

58-
## Known bugs
58+
## Known limitations
5959

6060
The one (and I hope the only) limitation using shc is the _SC_ARG_MAX system configuration parameter.
6161
It limits the maximum length of the arguments to the exec function, limiting the maximum length of the runnable script of shc.

man.html

Lines changed: 53 additions & 108 deletions
Original file line numberDiff line numberDiff line change
@@ -4,55 +4,36 @@
44
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
55
<meta http-equiv="Content-Style-Type" content="text/css" />
66
<meta name="generator" content="pandoc" />
7-
<meta name="author" content="" />
8-
<meta name="date" content="2018-11-20" />
7+
<meta name="date" content="2019-01-14" />
98
<title>shc(1) shc user manual</title>
109
<style type="text/css">code{white-space: pre;}</style>
1110
<style type="text/css">
12-
div.sourceCode { overflow-x: auto; }
1311
table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
1412
margin: 0; padding: 0; vertical-align: baseline; border: none; }
1513
table.sourceCode { width: 100%; line-height: 100%; }
1614
td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
1715
td.sourceCode { padding-left: 5px; }
18-
code > span.kw { color: #007020; font-weight: bold; } /* Keyword */
19-
code > span.dt { color: #902000; } /* DataType */
20-
code > span.dv { color: #40a070; } /* DecVal */
21-
code > span.bn { color: #40a070; } /* BaseN */
22-
code > span.fl { color: #40a070; } /* Float */
23-
code > span.ch { color: #4070a0; } /* Char */
24-
code > span.st { color: #4070a0; } /* String */
25-
code > span.co { color: #60a0b0; font-style: italic; } /* Comment */
26-
code > span.ot { color: #007020; } /* Other */
27-
code > span.al { color: #ff0000; font-weight: bold; } /* Alert */
28-
code > span.fu { color: #06287e; } /* Function */
29-
code > span.er { color: #ff0000; font-weight: bold; } /* Error */
30-
code > span.wa { color: #60a0b0; font-weight: bold; font-style: italic; } /* Warning */
31-
code > span.cn { color: #880000; } /* Constant */
32-
code > span.sc { color: #4070a0; } /* SpecialChar */
33-
code > span.vs { color: #4070a0; } /* VerbatimString */
34-
code > span.ss { color: #bb6688; } /* SpecialString */
35-
code > span.im { } /* Import */
36-
code > span.va { color: #19177c; } /* Variable */
37-
code > span.cf { color: #007020; font-weight: bold; } /* ControlFlow */
38-
code > span.op { color: #666666; } /* Operator */
39-
code > span.bu { } /* BuiltIn */
40-
code > span.ex { } /* Extension */
41-
code > span.pp { color: #bc7a00; } /* Preprocessor */
42-
code > span.at { color: #7d9029; } /* Attribute */
43-
code > span.do { color: #ba2121; font-style: italic; } /* Documentation */
44-
code > span.an { color: #60a0b0; font-weight: bold; font-style: italic; } /* Annotation */
45-
code > span.cv { color: #60a0b0; font-weight: bold; font-style: italic; } /* CommentVar */
46-
code > span.in { color: #60a0b0; font-weight: bold; font-style: italic; } /* Information */
16+
code > span.kw { color: #007020; font-weight: bold; }
17+
code > span.dt { color: #902000; }
18+
code > span.dv { color: #40a070; }
19+
code > span.bn { color: #40a070; }
20+
code > span.fl { color: #40a070; }
21+
code > span.ch { color: #4070a0; }
22+
code > span.st { color: #4070a0; }
23+
code > span.co { color: #60a0b0; font-style: italic; }
24+
code > span.ot { color: #007020; }
25+
code > span.al { color: #ff0000; font-weight: bold; }
26+
code > span.fu { color: #06287e; }
27+
code > span.er { color: #ff0000; font-weight: bold; }
4728
</style>
4829
</head>
4930
<body>
5031
<div id="header">
5132
<h1 class="title">shc(1) shc user manual</h1>
52-
<h2 class="author"></h2>
53-
<h3 class="date">November 20, 2018</h3>
33+
<h3 class="date">January 14, 2019</h3>
5434
</div>
5535
<hr>
36+
5637
<h1 id="name">NAME</h1>
5738
<p>shc - Generic shell script compiler</p>
5839
<h1 id="synopsis">SYNOPSIS</h1>
@@ -66,87 +47,51 @@ <h1 id="description">DESCRIPTION</h1>
6647
<p><strong>shc</strong> itself is not a compiler such as cc, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system compiler to compile a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shell <code>-c</code> option. Unfortunatelly, it will not give you any speed improvement as a real C program would.</p>
6748
<p><strong>shc</strong>'s main purpose is to protect your shell scripts from modification or inspection. You can use it if you wish to distribute your scripts but don't want them to be easily readable by other people.</p>
6849
<h1 id="options">OPTIONS</h1>
69-
<dl>
70-
<dt>-e <em>date</em></dt>
71-
<dd>Expiration date in <em>dd/mm/yyyy</em> format <code>[none]</code>
72-
</dd>
73-
<dt>-m <em>message</em></dt>
74-
<dd>message to display upon expiration <code>[&quot;Please contact your provider&quot;]</code>
75-
</dd>
76-
<dt>-f <em>script_name</em></dt>
77-
<dd>File path of the script to compile
78-
</dd>
79-
<dt>-i <em>inline_option</em></dt>
80-
<dd>Inline option for the shell interpreter i.e: <code>-e</code>
81-
</dd>
82-
<dt>-x <em>command</em></dt>
83-
<dd>eXec command, as a printf format i.e: <code>exec(\\'%s\\',@ARGV);</code>
84-
</dd>
85-
<dt>-l <em>last_option</em></dt>
86-
<dd>Last shell option i.e: <code>--</code>
87-
</dd>
88-
<dt>-o <em>outfile</em></dt>
89-
<dd>output to the file specified by outfile
90-
</dd>
91-
<dt>-r</dt>
92-
<dd>Relax security. Make a redistributable binary which executes on different systems running the same operating system. You can release your binary with this option for others to use
93-
</dd>
94-
<dt>-v</dt>
95-
<dd>Verbose compilation
96-
</dd>
97-
<dt>-S</dt>
98-
<dd>Switch ON setuid for root callable programs [OFF]
99-
</dd>
100-
<dt>-D</dt>
101-
<dd>Switch on debug exec calls
102-
</dd>
103-
<dt>-U</dt>
104-
<dd>Make binary to be untraceable (using <em>strace</em>, <em>ptrace</em>, <em>truss</em>, etc.)
105-
</dd>
106-
<dt>-H</dt>
107-
<dd>Hardening. Extra security flag without root access requirement that protects against dumping, code injection, <code>cat /proc/pid/cmdline</code>, ptrace, etc.. This feature is <strong>experimental</strong> and may not work on all systems. This option currently only works with Bourne shell (sh) scripts without any positional parameters.
108-
</dd>
109-
<dt>-s</dt>
110-
<dd>Hardening with single process. Requires -H option, runs the binary in a single process, shell is called in the main process otherwise its called in a child process. This feature is <strong>experimental</strong> (may hang) and may not work on all systems. This option currently only works with Bourne shell (sh) scripts without any positional parameters.
111-
</dd>
112-
<dt>-C</dt>
113-
<dd>Display license and exit
114-
</dd>
115-
<dt>-A</dt>
116-
<dd>Display abstract and exit
117-
</dd>
118-
<dt>-B</dt>
119-
<dd>Compile for BusyBox
120-
</dd>
121-
<dt>-h</dt>
122-
<dd>Display help and exit
123-
</dd>
124-
</dl>
50+
<p>-e <em>date</em> : Expiration date in <em>dd/mm/yyyy</em> format <code>[none]</code></p>
51+
<p>-m <em>message</em> : message to display upon expiration <code>[&quot;Please contact your provider&quot;]</code></p>
52+
<p>-f <em>script_name</em> : File path of the script to compile</p>
53+
<p>-i <em>inline_option</em> : Inline option for the shell interpreter i.e: <code>-e</code></p>
54+
<p>-x <em>command</em> : eXec command, as a printf format i.e: <code>exec(\\'%s\\',@ARGV);</code></p>
55+
<p>-l <em>last_option</em> : Last shell option i.e: <code>--</code></p>
56+
<p>-o <em>outfile</em> : output to the file specified by outfile</p>
57+
<p>-r : Relax security. Make a redistributable binary which executes on different systems running the same operating system. You can release your binary with this option for others to use</p>
58+
<p>-v : Verbose compilation</p>
59+
<p>-S : Switch ON setuid for root callable programs [OFF]</p>
60+
<p>-D : Switch on debug exec calls</p>
61+
<p>-U : Make binary to be untraceable (using <em>strace</em>, <em>ptrace</em>, <em>truss</em>, etc.)</p>
62+
<p>-H : Hardening. Extra security flag without root access requirement that protects against dumping, code injection, <code>cat /proc/pid/cmdline</code>, ptrace, etc.. This feature is <strong>experimental</strong> and may not work on all systems. This option currently only works with Bourne shell (sh) scripts without any positional parameters.</p>
63+
<p>-s : Hardening with single process. Requires -H option, runs the binary in a single process, shell is called in the main process otherwise its called in a child process. This feature is <strong>experimental</strong> (may hang) and may not work on all systems. This option currently only works with Bourne shell (sh) scripts without any positional parameters.</p>
64+
<p>-C : Display license and exit</p>
65+
<p>-A : Display abstract and exit</p>
66+
<p>-B : Compile for BusyBox</p>
67+
<p>-h : Display help and exit</p>
12568
<h1 id="environment-variables">ENVIRONMENT VARIABLES</h1>
126-
<dl>
127-
<dt>CC</dt>
128-
<dd>C compiler command <code>[cc]</code>
129-
</dd>
130-
<dt>CFLAGS</dt>
131-
<dd>C compiler flags <code>[none]</code>
132-
</dd>
133-
<dt>LDFLAGS</dt>
134-
<dd>Linker flags <code>[none]</code>
135-
</dd>
136-
</dl>
69+
<p>CC : C compiler command <code>[cc]</code></p>
70+
<p>CFLAGS : C compiler flags <code>[none]</code></p>
71+
<p>LDFLAGS : Linker flags <code>[none]</code></p>
13772
<h1 id="examples">EXAMPLES</h1>
13873
<p>Compile a script which can be run on other systems with the trace option enabled (without <code>-U</code> flag):</p>
139-
<div class="sourceCode"><pre class="sourceCode bash"><code class="sourceCode bash"><span class="ex">shc</span> -f myscript -o mybinary</code></pre></div>
74+
<pre class="sourceCode bash"><code class="sourceCode bash"><span class="kw">shc</span> -f myscript -o mybinary</code></pre>
14075
<p>Compile an untraceable binary:</p>
141-
<div class="sourceCode"><pre class="sourceCode bash"><code class="sourceCode bash"><span class="ex">shc</span> -Uf myscript -o mybinary</code></pre></div>
76+
<pre class="sourceCode bash"><code class="sourceCode bash"><span class="kw">shc</span> -Uf myscript -o mybinary</code></pre>
14277
<p>Compile an untraceable binary that doesn't require root access (experimental):</p>
143-
<div class="sourceCode"><pre class="sourceCode bash"><code class="sourceCode bash"><span class="ex">shc</span> -Hf myscript -o mybinary</code></pre></div>
144-
<h1 id="bugs">BUGS</h1>
78+
<pre class="sourceCode bash"><code class="sourceCode bash"><span class="kw">shc</span> -Hf myscript -o mybinary</code></pre>
79+
<h1 id="limitations">LIMITATIONS</h1>
14580
<p>The maximum size of the script that could be executed once compiled is limited by the operating system configuration parameter <code>_SC_ARG_MAX</code> (see sysconf(2))</p>
14681
<h1 id="authors">AUTHORS</h1>
147-
<p>Francisco Rosales <a href="mailto:frosal@fi.upm.es">frosal@fi.upm.es</a></p>
148-
<p>Md Jahidul Hamid <a href="mailto:jahidulhamid@yahoo.com">jahidulhamid@yahoo.com</a></p>
82+
<p>Francisco Rosales <script type="text/javascript">
83+
<!--
84+
h='&#102;&#x69;&#46;&#x75;&#112;&#x6d;&#46;&#x65;&#x73;';a='&#64;';n='&#102;&#114;&#x6f;&#x73;&#x61;&#108;';e=n+a+h;
85+
document.write('<a h'+'ref'+'="ma'+'ilto'+':'+e+'">'+e+'<\/'+'a'+'>');
86+
// -->
87+
</script><noscript>&#102;&#114;&#x6f;&#x73;&#x61;&#108;&#32;&#x61;&#116;&#32;&#102;&#x69;&#32;&#100;&#x6f;&#116;&#32;&#x75;&#112;&#x6d;&#32;&#100;&#x6f;&#116;&#32;&#x65;&#x73;</noscript></p>
88+
<p>Md Jahidul Hamid <script type="text/javascript">
89+
<!--
90+
h='&#x79;&#x61;&#104;&#x6f;&#x6f;&#46;&#x63;&#x6f;&#x6d;';a='&#64;';n='&#106;&#x61;&#104;&#x69;&#100;&#x75;&#108;&#104;&#x61;&#x6d;&#x69;&#100;';e=n+a+h;
91+
document.write('<a h'+'ref'+'="ma'+'ilto'+':'+e+'">'+e+'<\/'+'a'+'>');
92+
// -->
93+
</script><noscript>&#106;&#x61;&#104;&#x69;&#100;&#x75;&#108;&#104;&#x61;&#x6d;&#x69;&#100;&#32;&#x61;&#116;&#32;&#x79;&#x61;&#104;&#x6f;&#x6f;&#32;&#100;&#x6f;&#116;&#32;&#x63;&#x6f;&#x6d;</noscript></p>
14994
<h1 id="report-bugs-to">REPORT BUGS TO</h1>
150-
<p><a href="https://github.com/neurobin/shc/issues" class="uri">https://github.com/neurobin/shc/issues</a></p>
95+
<p><a href="https://github.com/neurobin/shc/issues">https://github.com/neurobin/shc/issues</a></p>
15196
</body>
15297
</html>

man.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
% shc(1) shc user manual
22
%
3-
% November 20, 2018
3+
% January 14, 2019
44
<hr>
55

66
# NAME
@@ -120,7 +120,7 @@ Compile an untraceable binary that doesn't require root access (experimental):
120120
shc -Hf myscript -o mybinary
121121
```
122122

123-
# BUGS
123+
# LIMITATIONS
124124
The maximum size of the script that could be executed once compiled is limited by the operating system configuration parameter `_SC_ARG_MAX` (see sysconf(2))
125125

126126
# AUTHORS

0 commit comments

Comments
 (0)