Is the restricted shell really secure?
John Bruner
jdb at mordor.UUCP
Sat Aug 4 01:37:54 AEST 1984
You should be able to keep a restricted account from wandering afield
via ".." by making the parent directory non-executable. I.e. make the
home directory for the restricted account "foo" be "/mnt/locked/foo"
(replace "/mnt" with whatever top-level directory you plan to use)
where "/mnt/locked" is owned by root and is mode 700.
This assumes, of course, that the restricted account isn't running
under user-id 0 :-)
--
John Bruner (S-1 Project, Lawrence Livermore National Laboratory)
MILNET: jdb at mordor.ARPA [jdb at s1-c] (415) 422-0758
UUCP: ...!ucbvax!dual!mordor!jdb ...!decvax!decwrl!mordor!jdb
More information about the Comp.unix.wizards
mailing list