From owner-freebsd-questions@FreeBSD.ORG Thu Nov 18 16:27:34 2010 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3E2D5106566C for ; Thu, 18 Nov 2010 16:27:34 +0000 (UTC) (envelope-from xaero@xaerolimit.net) Received: from mail-ey0-f182.google.com (mail-ey0-f182.google.com [209.85.215.182]) by mx1.freebsd.org (Postfix) with ESMTP id D10BD8FC0C for ; Thu, 18 Nov 2010 16:27:33 +0000 (UTC) Received: by eyb7 with SMTP id 7so2041850eyb.13 for ; Thu, 18 Nov 2010 08:27:32 -0800 (PST) Received: by 10.213.29.68 with SMTP id p4mr3752549ebc.31.1290097652614; Thu, 18 Nov 2010 08:27:32 -0800 (PST) MIME-Version: 1.0 Received: by 10.213.10.65 with HTTP; Thu, 18 Nov 2010 08:27:12 -0800 (PST) In-Reply-To: <20101118145239.10937b78@adolfputzen> References: <20101118145239.10937b78@adolfputzen> From: Chris Brennan Date: Thu, 18 Nov 2010 11:27:12 -0500 Message-ID: To: Julian Fagir Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-questions@freebsd.org Subject: Re: Escaping from shell-scripts X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Nov 2010 16:27:34 -0000 On Thu, Nov 18, 2010 at 8:52 AM, Julian Fagir wrote: > Hi, > > I'm planning a service with a login-user-interface. Thus, I want to > restrict > the user somehow to this script and to do nothing else. > > The straight-forward way would be to write this script, have all input > parsed > by read and then let the script act according to this input (let's assume > that these tools are secure, it's just cp'ing and writing to > non-sensitive files. > > Are there possibilities to escape from such a script down to a prompt? > > On the other hand, if I would take python for this, so a python-script is > executed, are there ways to get to a generic python-prompt? > > The restriction to that script would be done by either setting the > login-shell to that script, setting the ssh-command for that account/key > (and > ensuring that it can't be altered), or both. > > > All in all, this is a more general question I have for quite a time: Can > you > use shell-scripts for security-relevant environments? Does an attacker have > the possibility to escape from a script down to a prompt? > > I'm not that into shell-programming and there are too many legacies about > terminals (some time ago, I had to cope with termcap...) and shells which > one > just can't all know. > E.g., it was just a few days ago I found out what a terminal-stop means and > that it is still interpreted by screen, though using it for several years > now. > > > Regards, Julian > While I cannot answer your question fully, you could use python as the user's shell and call the python script in question by passing the script to the parser as login, how specifically that is done, I am not sure. I've never used py as a login shell but I am fairly certain it can be done....