From: Julian Fagir
To: freebsd-questions@freebsd.org
Date: Thu, 18 Nov 2010 14:52:39 +0100
Subject: Escaping from shell-scripts
Message-ID: <20101118145239.10937b78@adolfputzen>

Hi,

I'm planning a service with a login-user-interface. Thus, I want to restrict the user somehow to this script and to do nothing else.

The straightforward way would be to write this script, have all input parsed by read and then let the script act according to this input (let's assume that these tools are secure, it's just cp'ing and writing to non-sensitive files).
Are there possibilities to escape from such a script down to a prompt?

On the other hand, if I would take python for this, so a python-script is executed, are there ways to get to a generic python-prompt?

The restriction to that script would be done by either setting the login-shell to that script, setting the ssh-command for that account/key (and ensuring that it can't be altered), or both.

All in all, this is a more general question I have had for quite some time: Can you use shell-scripts for security-relevant environments? Does an attacker have the possibility to escape from a script down to a prompt?
I'm not that into shell-programming and there are too many legacies about terminals (some time ago, I had to cope with termcap...) and shells which one just can't all know.
E.g., it was just a few days ago I found out what a terminal-stop means and that it is still interpreted by screen, though using it for several years now.

Regards,
Julian
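
An added illustration, not part of the original message: a sketch of the read-and-dispatch login script the question describes, treating every input line as data and mapping it to a fixed set of actions. The install path `/usr/local/bin/restricted-menu`, the spool directory, the `list`/`save`/`quit` commands and the key entry are assumptions made for the example.

```sh
#!/bin/sh
# Added example: restricted menu used as login shell or forced SSH command.
# Paths, command names and the key entry are hypothetical. Possible
# authorized_keys line (the file must not be writable by the user):
#   restrict,pty,command="/usr/local/bin/restricted-menu" ssh-ed25519 AAAA...
PATH=/bin:/usr/bin; LC_ALL=C; export PATH LC_ALL   # do not trust inherited values
unset IFS
SPOOL=/var/spool/menu        # assumed directory of non-sensitive files

# Accept only a plain file name: letters, digits, dot, dash, underscore, with
# no leading dot or dash, so paths, options, globs and substitutions are refused.
valid_name() {
    case $1 in
        ''|.*|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}

# Map one input line to one fixed action. The line is only ever data: it is
# never given to eval or sh -c, and is split with globbing switched off.
dispatch() {
    set -f; set -- $1; set +f
    [ $# -le 2 ] || { echo "too many arguments"; return 2; }
    cmd=${1:-}; arg=${2:-}
    case $cmd in
        list) ls -- "$SPOOL" ;;
        save) valid_name "$arg" || { echo "bad name"; return 2; }
              cp -- "$SPOOL/template" "$SPOOL/$arg" ;;
        quit) return 10 ;;
        *)    echo "unknown command"; return 2 ;;
    esac
}

# Ignore Ctrl-C, Ctrl-\ and Ctrl-Z. When the loop ends (quit or end of input)
# the script exits; as login shell or forced command that ends the session.
menu_loop() {
    trap '' INT QUIT TSTP
    while printf 'menu> ' && IFS= read -r line; do
        dispatch "$line" || [ $? -ne 10 ] || break   # status 10 means quit
    done
}

# Start the loop only when run under the installed name (a login shell sees
# a leading "-"), so the functions can be loaded elsewhere for testing.
case ${0##*/} in
    *restricted-menu) menu_loop ;;
esac
```

The menu must not start editors, pagers or other programs that offer their own shell escape, since those run with the same account's privileges.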