Restricted shell (was Re: rsh environment)
Bruce Becker
bdb at becker.UUCP
Mon Jan 2 06:04:08 AEST 1989
In article <425 at aurora.auvax.uucp> lyndon at auvax.UUCP (Lyndon Nerenberg) writes:
> [ example of security hole in 'rsh' ]
>The only way to make this work properly is to modify sh to always run
>restricted mode, and make sure the users path has this version of
>sh in front of /bin/sh. You can also make sh a disabled 'builtin'
>command when you're running restricted. Either way, shell scripts
>start to act strange ...
In some versions of 'sh/rsh', the environment variable
"$SHELL" is special - if it ends with the string 'rsh',
then the restrictions are in force no matter whether one
entered as 'sh' or 'rsh'. "$SHELL" becomes readonly as well.
>Lyndon Nerenberg Computing Services Athabasca University
>{alberta, attvcr, ncc}!auvax!lyndon || lyndon at nexus.ca
Cheers,
--
_ _/\ Bruce Becker Toronto, Ont.
\`o O| Internet: bdb at becker.UUCP, bruce at gpu.utcs.toronto.edu
\(")/ BitNet: BECKER at HUMBER.BITNET
---mm-U-mm--- "The OSF is suffering from Penix envy" - Rocky Raccoon
More information about the Comp.unix.wizards
mailing list