Is the restricted shell really secure?
The WITNESS
bsafw at ncoast.UUCP
Tue Jul 31 01:28:38 AEST 1984
On a related question: we have implemented a restricted filesystem-cum-shell
by means of a program that does a Xenix chroot() syscall and then execs the
shell. But the only way to make it really secure, that I can see, is to break
the '..' link in the restricted root. Anyone see a way that won't get fsck
upset?
For those (a majority, I would guess) without a chroot system call: it causes
the current process to consider / to point to the directory named in the call.
The program that we use does this:
    #include <stdio.h>
    #include <unistd.h>
    #define GUESTUID 200 /* placeholder ids; the post does not give the real values */
    #define GUESTGID 200
    int main(void) {
        if (chroot("/ROOT") != 0 || chdir("/usr/guest") != 0) { perror("chroot/chdir"); return 1; } /* actually /ROOT/usr/guest */
        if (setgid(GUESTGID) != 0 || setuid(GUESTUID) != 0) { perror("drop privileges"); return 1; } /* gid first: once uid is dropped, setgid() would fail */
        execl("/bin/tsh", "tsh", (char *)0); /* the varargs terminator must be a char* null pointer */
        perror("execl"); /* reached only if the exec fails */
        return 1;
    }
Thanks for any help you can provide.
--
Brandon Allbery: decvax!cwruecmp{!atvax}!bsafw
6504 Chestnut Road, Independence, OH 44131
Witness, n. To watch and learn, joyously.
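As an added defender-side sanity check (not the poster's program and not part of the original post), the following C, run inside the restricted root, confirms the two properties the setup depends on: that '..' at the jail root resolves back to the root itself, and that the shell would start with non-root uid and gid. The path buffer size and the check layout are assumptions of this example.

```c
/* Added jail sanity check, not the poster's code. Run it inside the
 * restricted root to confirm what the chroot()-based setup relies on. */
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Returns 1 if "dir/.." resolves to dir itself, i.e. the kernel clamps
 * '..' at this directory (true for "/" once chroot() is in effect);
 * 0 if '..' leads somewhere else; -1 if stat() fails. */
int dotdot_is_self(const char *dir) {
    struct stat self, parent;
    char path[4096]; /* assumed buffer size */
    if (stat(dir, &self) != 0) return -1;
    /* avoid building "//..", whose meaning POSIX leaves implementation-defined */
    const char *sep = (dir[strlen(dir) - 1] == '/') ? "" : "/";
    snprintf(path, sizeof path, "%s%s..", dir, sep);
    if (stat(path, &parent) != 0) return -1;
    return self.st_dev == parent.st_dev && self.st_ino == parent.st_ino;
}

/* Returns 1 when real and effective uid and gid are all non-root, the
 * state the jail program should reach before exec'ing the shell. */
int privileges_dropped(void) {
    return getuid() != 0 && geteuid() != 0 && getgid() != 0 && getegid() != 0;
}

int main(void) {
    int clamped = dotdot_is_self("/");
    printf("'/..' stays at '/': %s\n", clamped == 1 ? "yes" : "NO");
    printf("non-root uid/gid:   %s\n", privileges_dropped() ? "yes" : "NO");
    return (clamped == 1 && privileges_dropped()) ? 0 : 1;
}
```

A "NO" on the first line means '..' at the jail root still leads out; a "NO" on the second means the shell would inherit root's uid or gid.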
More information about the Comp.unix.wizards mailing list