Restricted Shell - does it still exist.

Pete French pcf at galadriel.bt.co.uk
Wed Aug 23 18:42:21 AEST 1989


>From article <443 at siswat.UUCP<, by buck at siswat.UUCP (A. Lester Buck):
< In article <323 at galadriel.bt.co.uk>, I wrote ...
< < The restricted shell can, luckily, still be run. You just invoke it with
< < a '-r' option. So put in your users .profile ...
< < 
< < exec sh -r
< < 
< < And he will have a restricted shell.
< 
< /bin/rsh enforces its restrictions after the .profile is executed, and any
< BREAK or DELETE actions by the user during .profile processing result in his
< being logged off.  A persistent rsh user could break out of this scheme
< without much trouble by leaning on his interrupt key.

Ummm...so write a C program to exec /bin/sh with the name "rsh" and make that
the login shell for the user. That should be safe.

There is an art to breaking restricted shells anyway - I am sure a persistent
rsh user will suss out a way round it sooner or later. I had a friend once who
was very good at this sort of thing : defining shell functions provided an
interesting escape route...

                       -Pete.

-- 
       -Pete French.               |
  British Telecom Research Labs.   | "The carefree days are distant now,
 Martlesham Heath, East Anglia.    |  I wear my memories like a shroud..."
All my own thoughts (of course)    |                               -SIOUXSIE



More information about the Comp.unix.questions mailing list