From ced78d3656ae9627ff233586cc6a3626f49e8809 Mon Sep 17 00:00:00 2001 From: "Kay Marquardt (Gnadelwartz)" Date: Sun, 17 May 2020 14:02:03 +0200 Subject: [PATCH] fix broken link --- README.html | 6 +++--- README.md | 6 +++--- README.txt | 10 +++++----- doc/0_install.md | 7 ++++--- 4 files changed, 15 insertions(+), 14 deletions(-) diff --git a/README.html b/README.html index fd03b66..f974dc8 100644 --- a/README.html +++ b/README.html @@ -180,8 +180,8 @@ It features background tasks and interactive chats, and can serve as an interfac

Whenever you are processing input from from untrusted sources (messages, files, network) you must be as carefull as possible, e.g. set IFS appropriate, disable globbing (set -f) and quote everthing. In addition delete unused scripts and examples from your Bot, e.g. scripts 'notify', 'calc', 'question', and disable all not used commands.

A powerful tool to improve your scripts is shellcheck. You can use it online or install shellcheck locally. Shellcheck is used extensive in bashbot development to enshure a high code quality, e.g. it's not allowed to push changes without passing all shellcheck tests. In addition bashbot has a test suite to check if important functionality is working as expected.

Do not use #!/usr/bin/env bash

-

We stay with /bin/bash shebang, because using the system bash is more save from security perspective.

-

It makes it harder for attackers and users to place alternative versions of bash and avoids using possibly broken, mangled or compromised bash executables.

+

We stay with /bin/bash shebang, because it's more save from security perspective.

+

Using the system provided bash makes it harder for attackers or users to place alternative versions of bash and avoids using possibly broken, mangled or compromised bash executables.

If you are a MacOS user or forced to use an alternative bash, see Install Bashbot

Run your Bot as a restricted user

I recommend to run your bot as a user, with almost no access rights. All files your Bot have write access to are in danger to be overwritten/deleted if your bot is hacked. For the same reason ervery file your Bot can read is in danger to be disclosed. Restict your Bots access rigths to the absolute minimum.

@@ -228,6 +228,6 @@ It features background tasks and interactive chats, and can serve as an interfac

@Gnadelwartz

That's it!

If you feel that there's something missing or if you found a bug, feel free to submit a pull request!

-

$$VERSION$$ V0.94-0-gbdb50c8

+

$$VERSION$$ V0.94-1-g7aa409f

diff --git a/README.md b/README.md index 23d6cd8..9664250 100644 --- a/README.md +++ b/README.md @@ -114,9 +114,9 @@ In addition bashbot has a [test suite](doc/7_develop.md) to check if important f ### Do not use #!/usr/bin/env bash -We stay with /bin/bash shebang, because using the system bash is more save from security perspective. +**We stay with /bin/bash shebang, because it's more save from security perspective.** -It makes it harder for attackers and users to place alternative versions of bash and avoids using +Using the system provided bash makes it harder for attackers or users to place alternative versions of bash and avoids using possibly broken, mangled or compromised bash executables. If you are a MacOS user or forced to use an alternative bash, see [Install Bashbot](doc/0_install.md) @@ -192,4 +192,4 @@ This may happen if to many wrong requests are sent to api.telegram.org, e.g. usi If you feel that there's something missing or if you found a bug, feel free to submit a pull request! -#### $$VERSION$$ V0.94-0-gbdb50c8 +#### $$VERSION$$ V0.94-1-g7aa409f diff --git a/README.txt b/README.txt index 53500a3..58d3af2 100644 --- a/README.txt +++ b/README.txt @@ -156,11 +156,11 @@ functionality is working as expected. ### Do not use #!/usr/bin/env bash -We stay with /bin/bash shebang, because using the system bash is more save from -security perspective. +**We stay with /bin/bash shebang, because it's more save from security +perspective.** -It makes it harder for attackers and users to place alternative versions of -bash and avoids using +Using the system provided bash makes it harder for attackers or users to place +alternative versions of bash and avoids using possibly broken, mangled or compromised bash executables. If you are a MacOS user or forced to use an alternative bash, see [Install @@ -269,4 +269,4 @@ tor proxy on your server you may uncomment the ```BASHBOT_CURL_ARGS``` line in If you feel that there's something missing or if you found a bug, feel free to submit a pull request! -#### $$VERSION$$ V0.94-0-gbdb50c8 +#### $$VERSION$$ V0.94-1-g7aa409f diff --git a/doc/0_install.md b/doc/0_install.md index 0693d8b..a14937f 100644 --- a/doc/0_install.md +++ b/doc/0_install.md @@ -49,9 +49,10 @@ You must install a more current version of bash, as the default bash is way to o see e.g. [Install Bash on Mac](http://macappstore.org/bash/) After installation / update of bashbot you must change the shebang line to point to your bash location -e.g. with the provided script ˋexamples/bash2env.shˋ +e.g. with the provided script 'examples/bash2env.sh' -We stay with /bin/bash shebang, because using the system bash is more save, see [Security Considerations](../README.md#Security Considerations) +We stay with /bin/bash shebang, because using the system bash is more save, see +[Security Considerations](../README.md#Security-Considerations) ### Notes on Updates @@ -97,5 +98,5 @@ The old format is supported for backward compatibility, but may fail for corner #### [Next Create Bot](1_firstbot.md) -#### $$VERSION$$ V0.94-0-gbdb50c8 +#### $$VERSION$$ V0.94-1-g7aa409f