sigsh -- a signature verifying shell
sigsh [-c certs] [-x] [-p prog]
sigsh is a non-interactive, signature requiring and verifying command interpreter. More accurately, it is a signature verification wrapper around a given shell. It reads input in PKCS#7 format from standard in, verifies the signature and, if the signature matches, pipes the decoded input into the command interpreter.
sigsh supports the following flags:
Conceptually similar to Microsoft Windows’ PowerShell ExecutionPolicy (as set to ‘AllSigned’), sigsh executes commands from the input only if a valid signature is found. This allows, for example, a headless user to run an arbitrary set of commands (if provided by trusted entities) without being given a fully interactive login shell. By specifying a different interpreter to which to pass the verified input, sigsh can be used for almost anything requiring input verification, so long as the tool invoked accepts input from standard in.
sigsh is intentionally kept as simple as possible and does not provide for a whole lot of customization via either a startup file or any command-line options.
sigsh reads input from standard in. That is, unlike interactive command interpreters, it cannot be invoked from the terminal to read commands one at a time. sigsh relies on (and shells out to) openssl(1) for signature verification. In particular, it expects input to be in PKCS#7 format, containing signed data to be passed to the command interpreter. In order to verify the signature, sigsh needs to have available a matching certificate (see section FILES).
By default, sigsh does not generate any output itself. If input verification fails, it will return an error code (see section EXIT STATUS) and print a brief message to STDERR; otherwise, it will pipe the validated input to the given command interpreter, letting it generate any and all output (both to standard out and standard error).
The following examples illustrate possible usage of this tool.
To execute the commands in the file ‘script.bash’:
openssl smime -sign -nodetach -signer mycert.pem -inkey mykey.pem \
    -in script.bash -outform pem | sigsh
To execute the perl code contained in the signed PKCS#7 file ‘code.pem’:
sigsh -p /usr/bin/perl < code.pem
sigsh will exit with the rather unusual return code of 127 if verification of the input fails (for whatever reason). Otherwise, it will return the exit code of the interpreter invoked.
sigsh clears the environment before passing the verified input on to the interpreter. Therefore, the input must make sure to explicitly set any variables it may rely on.
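The behaviour described above (verify first, exit 127 on failure, cleared environment), as an added shell sketch that is not sigsh's own source. The function names, the /bin/sh default, the empty CA directory and the -binary signing flag are assumptions of this example.

```shell
#!/bin/sh
# Added illustration of verify-then-execute; NOT sigsh's own source.
# verify_then_run CERTS [PROG] < signed.pem   (function names are hypothetical)
verify_then_run() {
    certs=$1
    prog=${2:-/bin/sh}                  # assumed default interpreter
    work=$(mktemp -d) || return 127
    mkdir "$work/capath"                # deliberately empty
    # Buffer the payload so the interpreter sees nothing until openssl has
    # returned success. -CAfile plus an empty -CApath keeps the default
    # system CA file and directory out of the trust decision.
    if ! openssl smime -verify -inform pem -CAfile "$certs" \
            -CApath "$work/capath" -out "$work/payload" 2>/dev/null; then
        rm -rf "$work"
        echo "signature verification failed" >&2
        return 127
    fi
    # Cleared environment: the payload must set any variable it relies on.
    rc=0
    env -i "$prog" < "$work/payload" || rc=$?
    rm -rf "$work"
    return "$rc"
}

# Constructed sample input: throwaway key, self-signed cert, signed script.
make_sample() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sigsh-demo" \
        -keyout "$dir/mykey.pem" -out "$dir/mycert.pem" 2>/dev/null || return 1
    printf 'echo "DEMO_VAR=${DEMO_VAR-cleared}"\nexit 3\n' > "$dir/script.sh"
    # -binary stops S/MIME canonicalisation from turning LF into CRLF.
    openssl smime -sign -binary -nodetach -signer "$dir/mycert.pem" \
        -inkey "$dir/mykey.pem" -in "$dir/script.sh" -outform pem \
        > "$dir/signed.pem" 2>/dev/null
}

# Run "sh thisfile demo" to see both outcomes.
if [ "${1:-}" = demo ]; then
    d=$(mktemp -d) && make_sample "$d" || exit 1
    DEMO_VAR=leaked; export DEMO_VAR
    verify_then_run "$d/mycert.pem" < "$d/signed.pem"; echo "exit: $?"
    echo 'echo unsigned' | verify_then_run "$d/mycert.pem"; echo "exit: $?"
    rm -rf "$d"
fi
```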
sigsh uses the following files:
openssl(1), smime(1)
sigsh was originally written by Jan Schaumann <jschauma@yahoo-inc.com> in September 2010.
Please report bugs and feature requests to the author.