Date: Fri, 9 Aug 1996 11:20:59 +0000 (GMT) From: Gabor Zahemszky <zgabor@CoDe.hu> To: freebsd-questions@freebsd.org Cc: valtech@caribnet.net Subject: Re: Shell Security Message-ID: <199608091121.LAA00434@CoDe.CoDe.hu> In-Reply-To: <Pine.BSF.3.91.960808192025.168A-100000@vmp.bb.net> from "Sean Batson" at Aug 8, 96 07:29:26 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> > Are there any restricted unix shells > for FreeBSD with good security. At > present my system is like an open-sapulka(play ground, brothel) > were confidential data and network config files > are being viewed, downloaded and I > would really like to restrict untrusted > users, to their home directories. > > Are there any such shell available? Yes, but not the standard ones. (I have 2.1R, so maybe it has changed in 2.1.5) So: sh has no rsh (there is rsh, but it's remote shell), csh has no rcsh, bash has no rbash, (I don't know zsh and tcsh) BUT on ports, there is pdksh (it is a better ksh than bash and zsh!), and it supports it. If I remember well, it's 5.2.3, and the last version is 2.5.7 from ftp://ftp.cs.mun.ca:/pub/pdksh (it has many new bug fixes - and maybe bugs, too) - so use that. Or get the original AT&T ksh from http://www.reseach.att.com:80/orgs/ssr/book/reuse/ (maybe it has some problems, the ksh93(version xxx/d) had a Linux a.out, and a BSDI 2.0 version, so we had to use the Linux version with linuxemu - it worked fine -, but the last version xxx/f(?) is a Linux elf (interesting, but a today letter from David Korn says, it's aout), and a BSDI 2.0 - so in <= 2.1.5, we cannot run it - only in -current(?)). So get pdksh (or search for an older version of Linux ksh93). Bye, Gabor -- Gabor Zahemszky <zgabor@CoDe.hu> -:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:-:- Earth is the cradle of human sense, but you can't stay in the cradle forever. Tsiolkovsky
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608091121.LAA00434>