disallowing subshell in More
cottrell at nbs-vms.ARPA
cottrell at nbs-vms.ARPA
Tue Feb 12 10:32:38 AEST 1985
/*
> Does anyone know of a way to pipe a file to more and disallow a user from
> invoking a subshell while More is running?
>
> Here's the senario, I have a menu that allows certain users to have
root access
> to several functions (unjamming the print queue, archiving &
restoring files,
> etc). One of the options is to allow the user to get a listing of a tape
> archive to the screen (piped through More) which of course allows the user to
> type a '!sh<return>' and viola! a root shell.
One way is to pipe it to a program that:
1) calls setuid to remove root permission
2) exec's more
Another thing to do is to set up a dummy user such as `print' which owns the
resources such as the line printer spool ques. Even if the user manages to
break out of your scripts, he only has access to limited resources. You
might also investigate using the group feature, as once a user has group
privileges he is more restricted than with owner privilege. Too many people
resort to root owning setuid progs/scripts. It doesn't have to be this way.
*/
More information about the Comp.unix.wizards
mailing list