From owner-freebsd-security Wed Jun 7 10:27:22 2000
Delivered-To: freebsd-security@freebsd.org
Received: from closed-networks.com (closed-networks.com [195.153.248.242]) by hub.freebsd.org (Postfix) with SMTP id 437EB37BB75 for ; Wed, 7 Jun 2000 10:27:14 -0700 (PDT) (envelope-from udp@closed-networks.com)
Received: (qmail 67664 invoked by uid 1021); 7 Jun 2000 17:33:54 -0000
Date: Wed, 7 Jun 2000 18:33:24 +0100
From: User Datagram Protocol
To: Peter Pentchev
Subject: Re: Restricting user to a directory
Message-ID: <20000607183324.L65725@closed-networks.com>
Reply-To: User Datagram Protocol
References: <200006071649.e57GnEg12368@bart.esiee.fr>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0.1i
In-Reply-To: ; from roam@orbitel.bg on Wed, Jun 07, 2000 at 08:02:07PM +0300
X-Echelon: MI6 Cobra GCHQ Panavia MI5 Timberline IRA NSA Mossad CIA Copperhead
Organization: Closed Networks Limited, London, UK
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

What about SYSV-style invocation with argv[0] == "/bin/rsh" ? Ick.

On Wed, Jun 07, 2000 at 08:02:07PM +0300, Peter Pentchev wrote:
> not really. bash should be configured at runtime as to whether to *allow*
> invocation as a restricted shell; most precompiled versions of bash come
> with this capability.
> From there, just start it as rbash or bash -r, and it runs restricted.

-- 
Bruce M. Simpson aka 'udp'
Security Analyst & UNIX Development Engineer
WWW: www.closed-networks.com/~udp
Dundee www.packetfactory.net/~udp
United Kingdom email: udp@closed-networks.com

To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
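
Added example, not part of the original message or thread: a shell check of which of the invocation forms discussed above (the name rbash, the -r flag, and an argv[0] ending in rsh) actually put the installed bash into restricted mode. It assumes bash is on PATH and was built with restricted-shell support; the helper names `is_restricted` and `report` are hypothetical.

```shell
#!/bin/sh
# Added example (constructed): which invocation forms make the installed
# bash restricted? Assumes bash is on PATH, built with restricted support.
BASH_BIN=$(command -v bash) || { echo "bash not found" >&2; exit 1; }

# is_restricted NAME [FLAGS...] (hypothetical helper)
# Starts bash through a symlink called NAME, so the basename of argv[0] is
# NAME, and probes a rule only a restricted shell enforces: "cd" is refused
# with a "restricted" error. Returns 0 if restricted, 1 if not, 2 if the
# probe could not be set up.
is_restricted() {
    name=$1
    shift
    dir=$(mktemp -d) || return 2
    ln -s "$BASH_BIN" "$dir/$name" || { rm -rf "$dir"; return 2; }
    # LC_ALL=C keeps the error message untranslated so it can be matched.
    out=$(LC_ALL=C "$dir/$name" "$@" -c 'cd /' 2>&1) || true
    rm -rf "$dir"
    case $out in
        *restricted*) return 0 ;;   # cd refused: restrictions are active
        *)            return 1 ;;   # cd allowed: ordinary shell
    esac
}

# report (hypothetical helper): print one line per invocation form.
report() {
    for form in "rbash" "bash -r" "bash" "rsh" "sh"; do
        # Intentional word splitting: "bash -r" becomes NAME plus one flag.
        if is_restricted $form; then
            echo "$form: restricted"
        else
            echo "$form: NOT restricted"
        fi
    done
}

report
```

Running the same check on the host where a restricted account is being set up confirms what the installed binary enforces before it is entered as a login shell.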