From: Rude Yak
Subject: restricted shell issue: bash can be used to get around some shell restrictions
Date: Mon, 6 Nov 2000 14:28:55 -0800 (PST)

Configuration Information [Automatically generated, do not change]:
Machine: sparc
OS: solaris2.6
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='sparc'
-DCONF_OSTYPE='solaris2.6' -DCONF_MACHTYPE='sparc-sun-solaris2.6'
-DCONF_VENDOR='sun' -DSHELL -DHAVE_CONFIG_H -D_LARGEFILE_SOURCE
-D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -I. -I. -I./include -I./lib
-I/apps/bash/2.04/include -g -O2
uname output: SunOS l98udfw1 5.6 Generic_105181-16 sun4u sparc SUNW,Ultra-5_10
Machine Type: sparc-sun-solaris2.6
Bash Version: 2.04
Patch Level: 0
Release Status: release
Description:
[Detailed description of the problem, suggestion, or complaint.]
Bash does not do a full restricted shell check, thus making it possible to use
bash to get around shell restrictions.
Repeat-By:
[Describe the sequence of events that causes the problem
to occur.]
------------------
$ cat /usr/bin/hostname
#!/usr/bin/sh
# Copyright (c) 1984, 1986, 1987, 1988, 1989 AT&T
# All Rights Reserved
# THIS IS UNPUBLISHED PROPRIETARY SOURCE CODE OF AT&T
# The copyright notice above does not evidence any
# actual or intended publication of such source code.
# Copyright (c) 1988, Sun Microsystems, Inc.
# All Rights Reserved.
#ident "@(#)hostname.sh 1.4 96/08/27 SMI" /* SVr4.0 1.2 */
if [ $# -eq 0 ]; then
        /bin/uname -n
elif [ $# -eq 1 ]; then
        /bin/uname -S $1
else
        echo `/bin/gettext 'Usage: hostname [name]'`
        exit 1
fi
------------------
This is the standard Solaris hostname script; it should be impossible to run in
a normal restricted shell since it explicitly calls a fully-qualified executable
path. The expected result is:
$ SHELL=/usr/lib/rsh /usr/lib/rsh /usr/bin/hostname
/usr/bin/hostname: /bin/uname: restricted
The actual result with bash is:
$ SHELL=/usr/lib/rsh /usr/local/bin/bash /usr/bin/hostname
myhost
Fix:
[Description of how to fix the problem. If you don't know a
fix for the problem, don't include this section.]
*** ORIGshell.c Mon Nov 6 15:50:54 2000
--- shell.c Mon Nov 6 16:19:16 2000
***************
*** 524,525 ****
--- 524,528 ----
+ /*** XXX - we also need to check $SHELL, in case we were called -from- a
restricted shell ***/
+ restricted_shell += shell_is_restricted (getenv("SHELL"));
+
/* If the `-r' option is supplied at invocation, make sure that the shell
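Review bot: getenv("SHELL") on the added line can return NULL when SHELL is unset, and the result is passed straight to shell_is_restricted with no check. Fetch the value into a local first and only call shell_is_restricted when it is non-NULL. The XXX comment should also say that SHELL is an ordinary environment variable, so this test is only as trustworthy as the calling shell's protection of that variable.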
***************
*** 992,994 ****
temp = base_pathname (name);
! return (STREQ (temp, RESTRICTED_SHELL_NAME));
}
--- 995,999 ----
temp = base_pathname (name);
! /** return (STREQ (temp, RESTRICTED_SHELL_NAME)); **/
! /** XXX - took this out of the source for pdksh **/
! return (temp = strchr(temp,'r')) && strstr(temp,"sh");
}
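Review bot: the new return, (temp = strchr(temp,'r')) && strstr(temp,"sh"), accepts any basename that has an 'r' with "sh" somewhere after it, which is far looser than the STREQ against RESTRICTED_SHELL_NAME it replaces; a basename such as "newer-bash" would now count as restricted. Compare against an explicit list of restricted shell names instead (rsh for the /usr/lib/rsh case in the report, plus RESTRICTED_SHELL_NAME). The old return is left behind in a comment; delete it rather than commenting it out, and keep the pdksh attribution as an ordinary comment.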
***************
*** 1007,1008 ****
--- 1012,1014 ----
char *temp;
+ char *temp2;
***************
*** 1009,1011 ****
temp = base_pathname (shell_name);
! if (restricted || (STREQ (temp, RESTRICTED_SHELL_NAME)))
{
--- 1015,1019 ----
temp = base_pathname (shell_name);
! temp2 = base_pathname (getenv("SHELL"));
! if (restricted || (STREQ (temp, RESTRICTED_SHELL_NAME)) ||
! ( (temp2 = strchr(temp2,'r')) && strstr(temp2,"sh")) )
{
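Review bot: the condition added here repeats the strchr/strstr name test from the hunk at line 995 inline, so the two copies can drift apart, and it does so on base_pathname (getenv("SHELL")) without checking whether getenv returned NULL. Put the name test in one helper, call it for both shell_name and a NULL-checked value of SHELL, and the temp2 variable from the previous hunk is no longer needed.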