Restricted shell (was Re: rsh environment)
Lyndon Nerenberg
lyndon at auvax.uucp
Thu Dec 29 15:01:41 AEST 1988
In article <278 at dcs.UUCP> wnp at dcs.UUCP (Wolf N. Paul) writes:
>Some notes: sh and rsh are links to the same binary, with "sh -r" being
>equivalent to an invocation of rsh. "set -r" after the shell has started
>also has the same effect, as Leo's demo showed. The manual further points out
>that shell scripts are executed using standard sh, thus the restriction can
>probably be gotten around.
No kidding :-)
Script started on Wed Dec 28 21:54:59 1988
(9:55pm) aurora:/nfs/aurora2/lyndon% sh -r
$ pwd
/nfs/aurora2/lyndon
$ cd ..
cd: restricted
$ sh
$ pwd
/nfs/aurora2/lyndon
$ cd ..
$ pwd
/nfs/aurora2
(9:55pm) aurora:/nfs/aurora2/lyndon% exit
script done on Wed Dec 28 21:55:41 1988
The only way to make this work properly is to modify sh to always run
restricted mode, and make sure the users path has this version of
sh in front of /bin/sh. You can also make sh a disabled 'builtin'
command when you're running restricted. Either way, shell scripts
start to act strange ...
--
Lyndon Nerenberg Computing Services Athabasca University
{alberta, attvcr, ncc}!auvax!lyndon || lyndon at nexus.ca
More information about the Comp.unix.wizards
mailing list