[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug in testing for a restricted shell

From: Alan J. Wylie
Subject: bug in testing for a restricted shell
Date: Tue, 21 Sep 2004 13:00:18 +0100

Configuration Information [Automatically generated, do not change]:
Machine: i686
OS: linux-gnu
Compiler: gcc-3
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='i686' 
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i686-unknown-linux-gnu' 
-DCONF_VENDOR='unknown' -DSHELL -DHAVE_CONFIG_H  -I.  -I. -I./include -I./lib  
-g -O2
uname output: Linux alan 2.4.27 #2 Thu Sep 2 09:23:09 BST 2004 i686 unknown 
unknown GNU/Linux
Machine Type: i686-unknown-linux-gnu

Bash Version: 2.05b
Patch Level: 0
Release Status: release


        Trying to set up a user who logs into a restricted shell.  Set
        shell field in /etc/passwd to /usr/rbin/rbash, add filename to
        /etc/shells, copy bash to /usr/rbin/rbash.

        User logs in over ssh, but is not in a restricted shell.

        This is because in a login shell, the shell is "-rbash", with
        a leading minus.

        In shell.c, base_pathname is called to get the name of the
        shell. The name should then be checked for the presence of a
        leading "-", before comparing against "rbash". 

example patch:
--- bash-2.05b/shell.c  2002-07-01 16:27:11.000000000 +0100
+++ bash-2.05b.new/shell.c      2004-09-21 12:47:01.000000000 +0100
@@ -1064,7 +1064,12 @@
   if (restricted)
     return 1;
   temp = base_pathname (name);
+  if ( temp[0] == '-' )
+    temp++;
+  /*printf( "shell_is_restricted  - temp \"%s\"\n", temp );*/
   return (STREQ (temp, RESTRICTED_SHELL_NAME));
@@ -1082,6 +1087,11 @@
   char *temp;
   temp = base_pathname (name);
+  if ( temp[0] == '-' )
+    temp++;
+  /*printf( "maybe_make_restricted   - temp \"%s\"\n", temp );*/
   if (restricted || (STREQ (temp, RESTRICTED_SHELL_NAME)))
       set_var_read_only ("PATH");

reply via email to

[Prev in Thread] Current Thread [Next in Thread]