Restricted shell (was Re: rsh environment)
A. Lester Buck
buck at siswat.UUCP
Sat Dec 31 11:25:40 AEST 1988
In article <425 at aurora.auvax.uucp>, lyndon at auvax.uucp (Lyndon Nerenberg) writes:
[ ...deleted trivial demo that "sh -r" still lets one execute sh ]
> The only way to make this work properly is to modify sh to always run
> restricted mode, and make sure the users path has this version of
> sh in front of /bin/sh. You can also make sh a disabled 'builtin'
> command when you're running restricted. Either way, shell scripts
> start to act strange ...
No, the way to use rsh is to understand how it should be set up.
"Unix Shell Programming" by Kochan and Wood summarizes a sample
rsh environment, typically for a game user or a data entry clerk.
An rsh setup needs a .profile that sets a restricted path, say
PATH=/usr/rbin:/usr/restrict/bin
and set SHELL=/bin/rsh, then cd into /usr/restrict/bin. If the user
trys to BREAK or DELETE out of the .profile at login, he is logged off.
/usr/rbin is suggested to contain *only* cat, echo, ls, mail, red,
and write. /usr/restrict/bin might have all the games or whatever
application is to be run. Even this setup is described as "not
really very secure." We can all imagine some interesting attacks.
Just nothing as trivial as "$ sh".
--
A. Lester Buck ...!uhnix1!moray!siswat!buck
More information about the Comp.unix.wizards
mailing list