If you're really talking about testing for an *exact* match with a set
of scripts you've already vetted, compute a crypto checksum, e.g. the
MD5 hash of the incoming script and compare it against the checksum of
the pre-vetted script.
Asking the user if he is sure he wants to exexute a script puts the
user in an awkward position. He usually doesn't have enough context
or enough knowledge to be able to sort out the issues properly. If
you're serious about the strategy of permitting execution of
pre-vetted scripts, then you might want to extend that strategy to
handle new scripts. Whenever a new script is presented, bring it over
and put it in a temporary place. Then inform the user that the script
needs to be vetted. The user can then be directed to review the
script and sign off on it before it's executable. Don't force the
user to make the decision inline and without any support tools. Less
convenient? You bet. Security always is.
A much simpler strategy is to create a controlled environment via
chroot and execute the script in that environment. A wide range of
useful scripts will work ok. Some safe and useful scripts will not
work because they'll need access to things outside the controlled
environment. It's a trade off, and I don't know how often there would
be a problem.
Steve