From owner-freebsd-isp@FreeBSD.ORG  Tue Sep 26 14:46:29 2006
Return-Path: <owner-freebsd-isp@FreeBSD.ORG>
X-Original-To: freebsd-isp@freebsd.org
Delivered-To: freebsd-isp@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A37BD16A407
	for <freebsd-isp@freebsd.org>; Tue, 26 Sep 2006 14:46:29 +0000 (UTC)
	(envelope-from mark@gaiahost.coop)
Received: from biodiesel.gaiahost.coop (biodiesel.gaiahost.coop [64.95.78.120])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 5FD3543D4C
	for <freebsd-isp@freebsd.org>; Tue, 26 Sep 2006 14:46:29 +0000 (GMT)
	(envelope-from mark@gaiahost.coop)
Received: from gaiahost.coop (host-64-65-195-19.spr.choiceone.net
	[::ffff:64.65.195.19]) (AUTH: LOGIN mark@hubcapconsulting.com)
	by biodiesel.gaiahost.coop with esmtp; Tue, 26 Sep 2006 10:46:25 -0400
	id 007940C3.45193D42.000043A0
Received: by gaiahost.coop (sSMTP sendmail emulation);
	Tue, 26 Sep 2006 10:46:32 -0400
Date: Tue, 26 Sep 2006 10:46:32 -0400
From: Mark Bucciarelli <mark@gaiahost.coop>
To: freebsd-isp@freebsd.org
Message-ID: <20060926144632.GV3064@rabbit>
Mail-Followup-To: freebsd-isp@freebsd.org
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
User-Agent: Mutt/1.4.2.1i
Subject: restricted shell
X-BeenThere: freebsd-isp@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: Internet Services Providers <freebsd-isp.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-isp>
List-Post: <mailto:freebsd-isp@freebsd.org>
List-Help: <mailto:freebsd-isp-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-isp>,
	<mailto:freebsd-isp-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Sep 2006 14:46:29 -0000

I'm looking into using ibsh as a restricted shell for ssh access
to virtual host containers.  For the most part, our customers are
trustworthy and for us ibsh strikes a nice balance between
security, complexity and functionality.  I've looked at rbash,
ondir and chroot ssh (and a post from Theo that says chroot ssh
is not worth the effort).

I see ibsh is vulnerable to programs that can spawn their own
shells (like vim and emacs).  I am assuming there is a way to
disable this features from both editors.  Customers will want an
editor.

Can folks here suggest other ways I might try to crack ibsh?  

What vulnerabilities can you imagine?

Thanks,

m