Date: Mon, 26 May 1997 00:04:00 -0700 From: "Pedro F. Giffuni" <pgiffuni@fps.biblos.unal.edu.co> To: Jaye Mathisen <mrcpu@cdsnet.net> Cc: hackers@FreeBSD.ORG Subject: Re: Correct way to chroot for shell account users? Message-ID: <338935E0.224E@fps.biblos.unal.edu.co> References: <Pine.NEB.3.95.970525144745.28807A-100000@mail.cdsnet.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Jaye Mathisen wrote: > > Anybody got any tips on how to write a secure shell to exec on login to > set a users environment to the "right thing". > I had to open some public accounts some time ago. While on SCO and AIX I had the restricted shell (Rsh), but it wasn't very useful: I used it for a suspected cracker and he also broke it :-). My answer to the problem is to define an innocent program in /etc/shells and use it instead of the shell. You can build a custom lynx (with lot's of restrictions) or use gopher as a shell. Code for a restricted shell, and some "secure" utilities used to be in the gopher and W3C distribution sites, JIC someone was brave enough to use them > > Any code appreciated as well. Thanks.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?338935E0.224E>