Forum Discussion

Nimbostratus

Jul 18, 2017

Signed iRule to allow execution of disabled commands?

Hi, I'm trying to create an iRule that will call a custom shell script. However, the "exec" command has been disabled for security purposes. Is there a way to allow disabled commands that have...

iRules

security

samstep

Cirrocumulus

Jul 21, 2017

There is no way to run 'exec' from an iRule - that would mean Remote Code Execution vulnerability and performance issues among other considerations why F5 has disabled this and several other commands in TCL.

Digitally signed iRules do not magically enable disabled TCL commands at all - they just allow you to verify the authors of the iRule and that nobody has tampered with the iRule code.

Also there is no way to create/write/modify an iFile from an iRule. You can only read iFiles (actually they are read by TMM into memory on boot or on iFile creation)

Do you really need to write the secret on disk? A better approach would be to store it in a memory table using the 'table' command:

https://devcentral.f5.com/wiki/irules.table.ashx

Forum Discussion

Signed iRule to allow execution of disabled commands?

Recent Discussions

Find GSLB pool membership from vip IP

Server 2 causing application slowness

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Inquiry on F5's Maintenance Mode Feature for Pool Members

Related Content

Power of tmsh commands using Ansible

Oracle WebLogic Deserialization Remote Code Execution

F5 Partners join F5 executives at our Partner Connect event

ImageTragick - ImageMagick Remote Code Execution Vulnerability

Disabling Weak Ciphers