From owner-freebsd-security Mon May 31 2:31:20 1999 Delivered-To: freebsd-security@freebsd.org Received: from exchns01.PQAFRICA.CO.ZA (mail.pqafrica.co.za [196.29.130.34]) by hub.freebsd.org (Postfix) with ESMTP id D7D5E14F36 for ; Mon, 31 May 1999 02:31:14 -0700 (PDT) (envelope-from psivbl@psimr.persetel.co.za) Received: by mail.pqafrica.co.za with Internet Mail Service (5.5.2448.0) id ; Mon, 31 May 1999 11:21:32 +0200 Message-ID: <501BF453CDCFD111A6E40080C83DAC041308C9@PSICS001> From: Vikash Badal * To: "'freebsd-security@FreeBSD.ORG'" Subject: restricted bash Date: Mon, 31 May 1999 11:34:45 +0200 MIME-Version: 1.0 X-Mailer: Internet Mail Service (5.5.2448.0) Content-Type: text/plain Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Greetings Can anyone assist me with implementing a restricted bash shell. Currently I am testing a restricted bash shell using the bash 2.01 with the -r option. After creating 64 processes I get a "fork : Resource temporary unavailable" error and cannot execute any command. I have used this error to gain access to an unrestricted bash shell. Is there any way I can prevent anyone from logging in when a "resource temporary unavailable" error occurs ? The kernel is currently 2.2.5 , the restricted shell uses ssh version 1.26 to log into the rest of the network and the box will act as a firewall of sorts. I cannot recompile the kernel as the box was really stripped down by my predecessor. Thanks Vikash NaTIS Information System Security Vikash Badal System Security Administrator Tel : 011-256-1028 Cell: 082-979-3818 Email: psivbl@psimr.persetel.co.za To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message