From: Fbsd8 <fbsd8@a1poweruser.com>
Date: Thu, 18 Nov 2010 09:43:19 -0500
To: Julian Fagir
Cc: freebsd-questions@freebsd.org
Subject: Re: Escaping from shell-scripts

Julian Fagir wrote:
> Hi,
>
> I'm planning a service with a login user interface. Thus, I want to restrict
> the user somehow to this script and to do nothing else.
>
> The straightforward way would be to write this script, have all input parsed
> by read and then let the script act according to this input (let's assume
> that these tools are secure, it's just cp'ing and writing to
> non-sensitive files).
>
> Are there possibilities to escape from such a script down to a prompt?
>
> On the other hand, if I took Python for this, so that a Python script is
> executed, are there ways to get to a generic Python prompt?
>
> The restriction to that script would be done by either setting the
> login shell to that script, setting the ssh command for that account/key (and
> ensuring that it can't be altered), or both.
>
>
> All in all, this is a more general question I have had for quite some time: Can you
> use shell scripts for security-relevant environments? Does an attacker have
> the possibility to escape from a script down to a prompt?
>
> I'm not that into shell programming, and there are too many legacies about
> terminals (some time ago, I had to cope with termcap...) and shells which one
> just can't all know.
> E.g., it was just a few days ago I found out what a terminal-stop means and
> that it is still interpreted by screen, though I have been using it for several years now.
>
>
> Regards, Julian

You should think about "JAILS", and qjail in particular: http://sourceforge.net/projects/qjail/

If you don't have too many users, just allocate a jail for each user id, or put all those users in a single jail, and then you don't need any of the script stuff you are talking about.
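For the script-as-login-shell approach the question describes, this is an added example (not from either poster) of how such a menu script is usually hardened against the escapes Julian asks about: ignored job-control signals, a fixed PATH and IFS, no globbing, and no eval of user text. DATA_DIR, the verbs and the install name restricted-menu are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): a restricted menu login script of
# the kind the question describes; DATA_DIR and the verbs are assumptions.
# Each setting below closes one way out: signals that kill or suspend it
# (a terminal-stop hands the tty back), caller-controlled PATH/IFS, globbing.
PATH=/bin:/usr/bin; export PATH
unset IFS            # POSIX: unset IFS means split on space, tab, newline
set -f               # no pathname expansion of user-supplied words
trap '' INT QUIT TSTP
DATA_DIR="${DATA_DIR:-/var/restricted/data}"   # placeholder location
# Accept a filename only as one path component of [A-Za-z0-9._-] with no
# leading dot; returns 0 if acceptable.
valid_name() {
    case "$1" in
        ''|.*|*/*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    return 0
}
# Map one input line to a fixed action: prints "COPY src dst", "SHOW file"
# or "QUIT" and returns 0, else prints "REJECT" and returns 1. read -r keeps
# backslashes literal and nothing derived from the input is executed here.
parse_line() {
    set -- $1
    case "$1" in
        copy) [ $# -eq 3 ] && valid_name "$2" && valid_name "$3" &&
              { echo "COPY $2 $3"; return 0; } ;;
        show) [ $# -eq 2 ] && valid_name "$2" && { echo "SHOW $2"; return 0; } ;;
        quit) [ $# -eq 1 ] && { echo QUIT; return 0; } ;;
    esac
    echo REJECT; return 1
}
# Interactive loop; EOF (^D) or "quit" ends the session, never a shell.
main_loop() {
    while printf 'menu> ' && read -r line; do
        if act=$(parse_line "$line"); then
            set -- $act
            case "$1" in
                COPY) cp -- "$DATA_DIR/$2" "$DATA_DIR/$3" ;;
                SHOW) cat -- "$DATA_DIR/$2" ;;
                QUIT) break ;;
            esac
        else
            echo 'commands: copy SRC DST | show FILE | quit'
        fi
    done
}
# Run the loop only when installed as the login shell under this assumed
# name, so the functions can also be sourced or tested on their own.
case "$0" in */restricted-menu|restricted-menu) main_loop ;; esac
```

Setting the account's shell (or the sshd forced command) to this script means there is no parent shell to fall back to when the loop ends; the jail the reply recommends is a stronger boundary on top of it, not a replacement for validating the input.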