-
-
Notifications
You must be signed in to change notification settings - Fork 352
/
man.html
97 lines (96 loc) · 7.62 KB
/
man.html
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta http-equiv="Content-Style-Type" content="text/css" />
<meta name="generator" content="pandoc" />
<meta name="date" content="2019-01-14" />
<title>shc(1) shc user manual</title>
<style type="text/css">code{white-space: pre;}</style>
<style type="text/css">
table.sourceCode, tr.sourceCode, td.lineNumbers, td.sourceCode {
margin: 0; padding: 0; vertical-align: baseline; border: none; }
table.sourceCode { width: 100%; line-height: 100%; }
td.lineNumbers { text-align: right; padding-right: 4px; padding-left: 4px; color: #aaaaaa; border-right: 1px solid #aaaaaa; }
td.sourceCode { padding-left: 5px; }
code > span.kw { color: #007020; font-weight: bold; }
code > span.dt { color: #902000; }
code > span.dv { color: #40a070; }
code > span.bn { color: #40a070; }
code > span.fl { color: #40a070; }
code > span.ch { color: #4070a0; }
code > span.st { color: #4070a0; }
code > span.co { color: #60a0b0; font-style: italic; }
code > span.ot { color: #007020; }
code > span.al { color: #ff0000; font-weight: bold; }
code > span.fu { color: #06287e; }
code > span.er { color: #ff0000; font-weight: bold; }
</style>
</head>
<body>
<div id="header">
<h1 class="title">shc(1) shc user manual</h1>
<h3 class="date">January 14, 2019</h3>
</div>
<hr>
<h1 id="name">NAME</h1>
<p>shc - Generic shell script compiler</p>
<h1 id="synopsis">SYNOPSIS</h1>
<p><strong>shc</strong> [ -e <em>date</em> ] [ -m <em>addr</em> ] [ -i <em>iopt</em> ] [ -x <em>cmnd</em> ] [ -l <em>lopt</em> ] [ -o <em>outfile</em> ] [ -ABCDhUHsvSr ] -f <em>script</em></p>
<h1 id="description">DESCRIPTION</h1>
<p><strong>shc</strong> creates a stripped binary executable version of the script specified with <code>-f</code> on the command line.</p>
<p>The binary version will get a <code>.x</code> extension appended by default if <em>outfile</em> is not defined with [-o <em>outfile</em>] option and will usually be a bit larger in size than the original ascii code. Generated C source code is saved in a file with the extension <code>.x.c</code> or in a file specified with appropriate option.</p>
<p>If you supply an expiration date with the <code>-e</code> option, the compiled binary will refuse to run after the date specified. The message <strong>Please contact your provider</strong> will be displayed instead. This message can be changed with the <code>-m</code> option.</p>
<p>You can compile any kind of shell script, but you need to supply valid <code>-i</code>, <code>-x</code> and <code>-l</code> options.</p>
<p>The compiled binary will still be dependent on the shell specified in the first line of the shell code (i.e. <code>#!/bin/sh</code>), thus <strong>shc</strong> does not create completely independent binaries.</p>
<p><strong>shc</strong> itself is not a compiler such as cc, it rather encodes and encrypts a shell script and generates C source code with the added expiration capability. It then uses the system compiler to compile a stripped binary which behaves exactly like the original script. Upon execution, the compiled binary will decrypt and execute the code with the shell <code>-c</code> option. Unfortunately, it will not give you any speed improvement as a real C program would.</p>
<p><strong>shc</strong>'s main purpose is to protect your shell scripts from modification or inspection. You can use it if you wish to distribute your scripts but don't want them to be easily readable by other people.</p>
<h1 id="options">OPTIONS</h1>
<p>-e <em>date</em> : Expiration date in <em>dd/mm/yyyy</em> format <code>[none]</code></p>
<p>-m <em>message</em> : message to display upon expiration <code>["Please contact your provider"]</code></p>
<p>-f <em>script_name</em> : File path of the script to compile</p>
<p>-i <em>inline_option</em> : Inline option for the shell interpreter i.e: <code>-e</code></p>
<p>-x <em>command</em> : eXec command, as a printf format i.e: <code>exec(\\'%s\\',@ARGV);</code></p>
<p>-l <em>last_option</em> : Last shell option i.e: <code>--</code></p>
<p>-o <em>outfile</em> : output to the file specified by outfile</p>
<p>-r : Relax security. Make a redistributable binary which executes on different systems running the same operating system. You can release your binary with this option for others to use</p>
<p>-v : Verbose compilation</p>
<p>-S : Switch ON setuid for root callable programs [OFF]</p>
<p>-D : Switch on debug exec calls</p>
<p>-U : Make binary to be untraceable (using <em>strace</em>, <em>ptrace</em>, <em>truss</em>, etc.)</p>
<p>-H : Hardening. Extra security flag without root access requirement that protects against dumping, code injection, <code>cat /proc/pid/cmdline</code>, ptrace, etc.. This feature is <strong>experimental</strong> and may not work on all systems. This option currently only works with Bourne shell (sh) scripts without any positional parameters.</p>
<p>-s : Hardening with single process. Requires -H option, runs the binary in a single process, shell is called in the main process otherwise its called in a child process. This feature is <strong>experimental</strong> (may hang) and may not work on all systems. This option currently only works with Bourne shell (sh) scripts without any positional parameters.</p>
<p>-C : Display license and exit</p>
<p>-A : Display abstract and exit</p>
<p>-B : Compile for BusyBox</p>
<p>-h : Display help and exit</p>
<h1 id="environment-variables">ENVIRONMENT VARIABLES</h1>
<p>CC : C compiler command <code>[cc]</code></p>
<p>CFLAGS : C compiler flags <code>[none]</code></p>
<p>LDFLAGS : Linker flags <code>[none]</code></p>
<h1 id="examples">EXAMPLES</h1>
<p>Compile a script which can be run on other systems with the trace option enabled (without <code>-U</code> flag):</p>
<pre class="sourceCode bash"><code class="sourceCode bash"><span class="kw">shc</span> -f myscript -o mybinary</code></pre>
<p>Compile an untraceable binary:</p>
<pre class="sourceCode bash"><code class="sourceCode bash"><span class="kw">shc</span> -Uf myscript -o mybinary</code></pre>
<p>Compile an untraceable binary that doesn't require root access (experimental):</p>
<pre class="sourceCode bash"><code class="sourceCode bash"><span class="kw">shc</span> -Hf myscript -o mybinary</code></pre>
<h1 id="limitations">LIMITATIONS</h1>
<p>The maximum size of the script that could be executed once compiled is limited by the operating system configuration parameter <code>_SC_ARG_MAX</code> (see sysconf(2))</p>
<h1 id="authors">AUTHORS</h1>
<p>Francisco Rosales <script type="text/javascript">
<!--
h='fi.upm.es';a='@';n='frosal';e=n+a+h;
document.write('<a h'+'ref'+'="ma'+'ilto'+':'+e+'">'+e+'<\/'+'a'+'>');
// -->
</script><noscript>frosal at fi dot upm dot es</noscript></p>
<p>Md Jahidul Hamid <script type="text/javascript">
<!--
h='yahoo.com';a='@';n='jahidulhamid';e=n+a+h;
document.write('<a h'+'ref'+'="ma'+'ilto'+':'+e+'">'+e+'<\/'+'a'+'>');
// -->
</script><noscript>jahidulhamid at yahoo dot com</noscript></p>
<h1 id="report-bugs-to">REPORT BUGS TO</h1>
<p><a href="https://github.com/neurobin/shc/issues">https://github.com/neurobin/shc/issues</a></p>
</body>
</html>