Date:      Tue, 3 Sep 2002 17:34:15 -0500
From:      Dan Nelson <dnelson@allantgroup.com>
To:        Giorgos Keramidas <keramida@ceid.upatras.gr>
Cc:        Radko Keves <rado@studnet.sk>, questions@FreeBSD.ORG
Subject:   Re: restricted shell
Message-ID:  <20020903223415.GB5980@dan.emsphone.com>
In-Reply-To: <20020904004159.H37427-100000@hades>
References:  <20020903184443.GA99379@studnet.sk> <20020904004159.H37427-100000@hades>

In the last episode (Sep 04), Giorgos Keramidas said:
> On 2002-09-03 20:44, Radko Keves wrote:
> > ;), Tue, Sep 03, 2002 at 09:04:51PM +0300, Giorgos Keramidas said that
> > > On 2002-09-03 17:50 +0000, Radko Keves wrote:
> > > > hi all i have question about restricted shell (for example rbash)
> > > > SHELL environment is read only, but user can run another shell if is
> > > > in PATH, [...]
> > that's fine but please supply next environments for my eyes:
> > PATH
> > SHELL
> 
> Pardon me, I was invoking bash the wrong way.
> I stand corrected:
> 
> charon@hades[00:42]/home/charon$ env PATH='/bin:/sbin:/usr/bin:.' /usr/local/bin/bash --restricted --norc

That PATH is more than enough to break out of the shell.  You can use
more, less, find, xargs, and probably 20 other commands in /usr/bin to
launch an unrestricted shell.  You should set PATH to a single
directory, and only put in it the programs that the user must run.

-- 
	Dan Nelson
	dnelson@allantgroup.com
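
The check implied by the advice above, as an added example that is not part of the original message: it audits a PATH intended for a restricted shell and flags extra directories, the current directory, the commands named in the message, and anything not on an allowlist. The function name `audit_rpath`, the `ESCAPERS` list (the four named commands plus common shell names) and the allowlist argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit the PATH meant for a restricted shell account.
# ESCAPERS is a constructed list: the four commands named in the message,
# plus common shell names (an assumption; extend it for your system).
ESCAPERS="more less find xargs sh bash csh tcsh ksh zsh"

# audit_rpath PATH_STRING "ALLOWED CMD NAMES"
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_rpath() {
    rp_path=$1; rp_allowed=$2; rp_findings=0; rp_ndirs=0
    # An empty element or "." makes the shell search the current directory.
    case ":$rp_path:" in
        *::*|*:.:*)
            echo "FAIL: PATH searches the current directory"
            rp_findings=$((rp_findings + 1)) ;;
    esac
    rp_ifs=$IFS; IFS=:; set -f        # split on ':' without globbing
    set -- $rp_path
    set +f; IFS=$rp_ifs
    for rp_dir in "$@"; do
        [ -n "$rp_dir" ] && [ "$rp_dir" != "." ] || continue
        rp_ndirs=$((rp_ndirs + 1))
        for rp_file in "$rp_dir"/*; do
            [ -f "$rp_file" ] && [ -x "$rp_file" ] || continue
            rp_name=${rp_file##*/}
            case " $ESCAPERS " in *" $rp_name "*)
                echo "FAIL: $rp_file can launch an unrestricted shell"
                rp_findings=$((rp_findings + 1)); continue ;;
            esac
            case " $rp_allowed " in *" $rp_name "*) ;; *)
                echo "FAIL: $rp_file is not on the allowlist"
                rp_findings=$((rp_findings + 1)) ;;
            esac
        done
    done
    if [ "$rp_ndirs" -gt 1 ]; then
        echo "FAIL: $rp_ndirs directories in PATH; use one dedicated directory"
        rp_findings=$((rp_findings + 1))
    fi
    [ "$rp_findings" -eq 0 ]
}

# Run as: sh audit.sh "$RESTRICTED_PATH" "ls cat"   (no-op without arguments)
[ $# -eq 0 ] || audit_rpath "$@"
```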
