Date: Thu, 18 Nov 2010 11:36:46 -0500 From: Lowell Gilbert <freebsd-questions-local@be-well.ilk.org> To: doug@safeport.com Cc: freebsd-questions@freebsd.org, Julian Fagir <gnrp@physik.tu-berlin.de> Subject: Re: Escaping from shell-scripts Message-ID: <44k4kawpup.fsf@be-well.ilk.org> In-Reply-To: <alpine.BSF.2.00.1011181013090.97870@fledge.watson.org> (doug@fledge.watson.org's message of "Thu, 18 Nov 2010 11:15:52 -0500 (EST)") References: <20101118145239.10937b78@adolfputzen> <alpine.BSF.2.00.1011181013090.97870@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
doug <doug@fledge.watson.org> writes: > If you make a program a shell AFAIK to escape is to logff. Bash has a > chroot like facility that might work. However if you write a simple C > program as a wrapper for your shell script and make that program a > shell, I would think that is pretty secure. As long as you don't call anything that can create an inferior shell. A common mistake when doing this kind of thing is to allow some file editing or mail reading, using programs that have a "shell escape" capability.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44k4kawpup.fsf>