Restricted Shell - does it still exist.
Pete French
pcf at galadriel.bt.co.uk
Wed Aug 23 18:42:21 AEST 1989
>From article <443 at siswat.UUCP<, by buck at siswat.UUCP (A. Lester Buck):
< In article <323 at galadriel.bt.co.uk>, I wrote ...
< < The restricted shell can, luckily, still be run. You just invoke it with
< < a '-r' option. So put in your users .profile ...
< <
< < exec sh -r
< <
< < And he will have a restricted shell.
<
< /bin/rsh enforces its restrictions after the .profile is executed, and any
< BREAK or DELETE actions by the user during .profile processing result in his
< being logged off. A persistent rsh user could break out of this scheme
< without much trouble by leaning on his interrupt key.
Ummm...so write a C program to exec /bin/sh with the name "rsh" and make that
the login shell for the user. That should be safe.
There is an art to breaking restricted shells anyway - I am sure a persistent
rsh user will suss out a way round it sooner or later. I had a friend once who
was very good at this sort of thing : defining shell functions provided an
interesting escape route...
-Pete.
--
-Pete French. |
British Telecom Research Labs. | "The carefree days are distant now,
Martlesham Heath, East Anglia. | I wear my memories like a shroud..."
All my own thoughts (of course) | -SIOUXSIE
More information about the Comp.unix.questions
mailing list