Date: Tue, 26 Sep 2006 10:46:32 -0400 From: Mark Bucciarelli <mark@gaiahost.coop> To: freebsd-isp@freebsd.org Subject: restricted shell Message-ID: <20060926144632.GV3064@rabbit>
next in thread | raw e-mail | index | archive | help
I'm looking into using ibsh as a restricted shell for ssh access to virtual host containers. For the most part, our customers are trustworthy and for us ibsh strikes a nice balance between security, complexity and functionality. I've looked at rbash, ondir and chroot ssh (and a post from Theo that says chroot ssh is not worth the effort). I see ibsh is vulnerable to programs that can spawn their own shells (like vim and emacs). I am assuming there is a way to disable this features from both editors. Customers will want an editor. Can folks here suggest other ways I might try to crack ibsh? What vulnerabilities can you imagine? Thanks, m
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060926144632.GV3064>