[ANN] Protect you Unix Shell Scripts!

Shell scripts are very powerful tools for UNIX development. Due to the
fact
that they are interpreted, they are easy to develop, inspect, debug
and
document. But this convenience comes at high price - the threat of
intellectual
property theft.

In today's competitive environment, anyone can inspect and change your
elaborately crafted scripts. It is possible and easy for a competitor
to mimic
your work, if not copy outright, without your permission. Furthermore,
unskilled customers or employees may modify installed scripts creating
hard-to-find bugs, increasing your support costs. For companies that
use shell
scripts in commercial products, these annoying issues are becoming a
major
headache.

To address this problem we have created Shell Protector(tm).

Get get more information and purchase Shell Protector(tm) please go
to:
http://www.bungisoft.com/html/produc...llprotect.html


Shell Protector's(tm) main purpose is to protect your shell scripts
from
modification or inspection. You can use it if you wish to distribute
your
scripts but don't want them to be easily readable by other people.

Shell Protector(tm) itself is not a compiler such as cc. It rather
encodes and
encrypts a shell script, together with the appropriate shell. The
final result
is a stripped binary which behaves exactly like the original script.
Upon
execution, the compiled binary will decrypt and execute the code using
the
encoded shell.

The following is the most prominent features of the Shell
Protector(tm):

* Protects sources

Shell scripts can contain a considerably large amount of know-how
and
development time. In order to protect such a valuable resource you
should
distribute Shell Protector(tm) produced executables instead of
sources.

* Allows SUID and SGID scripts

Some systems may be configured in such a way as to ignore set user
id and
set group id bit when running shell scripts. Such a feature is
indeed very
useful at times. Although it may also create problems. To bypass
this
feature on per-use bases, some knowledgeable UNIX system
administrators
create little C programs, called wrappers, to go around this
limitation.
However, wrappers, if not well designed and implemented, can
expose your
system to some well known security vulnerabilities. Shell
Protector(tm) is
designed to reduce such risk to some degree, it also eliminates
the need for
programming know-how by system administrators.
You can thus think of Shell Protector as the universal shell
script wrapper.

* Allows switch user (su) scripts

This is one of the most interesting features of compiled shell
scripts:
The process can optionally gain real user id of executable owner,
not only
effective user id. Group set of executable owner is also set. The
same
effect can be obtained only by using su (switch user) command.

* Makes sure that script runs under correct shell

Shell versions may differ wildly from system to system. By
packaging shell
interpreter together with the executable Shell Protector(tm)
provides
extra level of platform independency for your scripts.

* Runs under the most popular Unix/Linux platforms

* Solaris/SunOS (SPARC)
* Linux


With these and other exciting features Bungisoft Shell Protector(tm)
is a sure winner for your next project!

Get get more information and purchase Shell Protector(tm) please go
to:
http://www.bungisoft.com/html/produc...llprotect.html

On 27 Oct 2003 20:25:14 -0800,
Bungisoft, Inc. <nntp@bungisoft.com> wrote:
> Shell scripts are very powerful tools for UNIX development. Due to
> the fact that they are interpreted, they are easy to develop,
> inspect, debug and document. But this convenience comes at high price
> - the threat of intellectual property theft.

So, you're saying bungisoft is affiliated with SCO?

>
> In today's competitive environment, anyone can inspect and change
> your elaborately crafted scripts. It is possible and easy for a
> competitor to mimic your work, if not copy outright, without your
> permission. Furthermore, unskilled customers or employees may modify
> installed scripts creating hard-to-find bugs, increasing your support
> costs. For companies that use shell scripts in commercial products,
> these annoying issues are becoming a major headache.

This might be one reason why passwords, firewalls and permissions were
developed. If you use a shell script in a product that you distribute,
someone else modifies it, and calls you for support, you charge them and
make money - it's a good thing.

> To address this problem we have created Shell Protector(tm).
>
> Get get more information and purchase Shell Protector(tm) please go
> to:
> http://www.bungisoft.com/html/produc...llprotect.html
>
>
> Shell Protector's(tm) main purpose is to protect your shell scripts
> from modification or inspection. You can use it if you wish to
> distribute your scripts but don't want them to be easily readable by
> other people.
>
> Shell Protector(tm) itself is not a compiler such as cc. It rather
> encodes and encrypts a shell script, together with the appropriate
> shell. The final result is a stripped binary which behaves exactly
> like the original script. Upon execution, the compiled binary will
> decrypt and execute the code using the encoded shell.

I think you lost your audience - anyone capable of writing a unique
shell script detailed enough to want to protect should have little
trouble implementing this themselves or something at least similar
enough for their needs.

> The following is the most prominent features of the Shell
> Protector(tm):
>
> * Protects sources
>
> Shell scripts can contain a considerably large amount of know-how
> and development time. In order to protect such a valuable
> resource you should distribute Shell Protector(tm) produced
> executables instead of sources.
>
> * Allows SUID and SGID scripts
>
> Some systems may be configured in such a way as to ignore set
> user id and set group id bit when running shell scripts. Such a
> feature is indeed very useful at times. Although it may also
> create problems. To bypass this feature on per-use bases, some
> knowledgeable UNIX system administrators create little C
> programs, called wrappers, to go around this limitation.
> However, wrappers, if not well designed and implemented, can
> expose your system to some well known security vulnerabilities.
> Shell Protector(tm) is designed to reduce such risk to some
> degree, it also eliminates the need for programming know-how by
> system administrators. You can thus think of Shell Protector as
> the universal shell script wrapper.
>
> * Allows switch user (su) scripts
>
> This is one of the most interesting features of compiled shell
> scripts: The process can optionally gain real user id of
> executable owner, not only effective user id. Group set of
> executable owner is also set. The same effect can be obtained
> only by using su (switch user) command.
>
> * Makes sure that script runs under correct shell
>
> Shell versions may differ wildly from system to system. By
> packaging shell interpreter together with the executable Shell
> Protector(tm) provides extra level of platform independency for
> your scripts.

If it is compiled, you don't need an interpreter. If it's interpreted
it's not compiled.

Is that even legal, or is that dependent on the license of the shell?

>
> * Runs under the most popular Unix/Linux platforms
>
> * Solaris/SunOS (SPARC) * Linux
>
>
> With these and other exciting features Bungisoft Shell Protector(tm)
> is a sure winner for your next project!
>
> Get get more information and purchase Shell Protector(tm) please go
> to:
> http://www.bungisoft.com/html/produc...llprotect.html

I actually thought this was a joke.

BTW, what is "[ANN]"?

Michael C.
--
mcsuper5@usol.com http://mcsuper5.freeshell.org/
Registered Linux User #303915 http://counter.li.org/

In comp.os.linux.security Bungisoft, Inc. <nntp@bungisoft.com> wrote:
> To address this problem we have created Shell Protector(tm).

*ROTFL*

The same nonsense you can get for VB-Script, now also for your
UNIX shell scripts! Security by obscurity at it's best.

Perhaps I will not killfile you inspite of the fact you're spamming
here, you're too funny!

- abuse complaint pending -
VB.
--
X-Pie Software GmbH
Postfach 1540, 88334 Bad Waldsee
Phone +49-7524-996806 Fax +49-7524-996807
mailto:vb@x-pie.de http://www.x-pie.de

Bungisoft, Inc. <nntp@bungisoft.com> wrote:
> Shell versions may differ wildly from system to system. By
>packaging shell
> interpreter together with the executable Shell Protector(tm)
>provides
> extra level of platform independency for your scripts.

So you provide "extra platform independency (sic)" by turning a shell
script into a binary executable?

- awh