bug-bash

Re: Restricted Bash - Not so restrictive (in 4.2 as well)


From: Pierre Gaston
Subject: Re: Restricted Bash - Not so restrictive (in 4.2 as well)
Date: Thu, 12 Jan 2012 12:34:49 +0200

On Thu, Jan 12, 2012 at 12:26 PM, Sarnath K - ERS, HCLTech
<k_sarnath@hcl.com> wrote:
> Hello Jonathan,
>
> Thanks for your inputs. I was able to create a super-restricted login.
> Here are a few things that I learnt during this process:
>
> 1. "vim" has a restricted mode called "rvim (or) vim -Z". This way, I can
> restrict the user from running shell commands from vim and peeping into the
> filesystem
>    a) CAVEAT: "vim" allows the user to "read" and "write" files in the
> file-system provided the user _knows_ the path (or guesses some file path)
>
>    b) So, to make it foolproof, I had to go with "nano" editor
>        - which supports a restricted mode that does not allow the user to
> edit any other file than the one specified in the command line

Can't you read a file with: echo "$(< pathtofile)"?
I never really tried, but I'd probably look into things like chroot
(or even a vm) to provide something really restricted.
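
An added example, not part of the original message: a small audit script that checks which actions `bash -r` refuses and whether file reads through builtins and input redirection still succeed. It assumes `bash`, `env` and `mktemp` are installed; the probe names, file names and file contents are constructed for the example.

```shell
#!/bin/sh
# Audit what "bash -r" still permits. File names and contents below are
# constructed for this example.

BASH_BIN=$(command -v bash) || { echo "bash not found" >&2; exit 1; }

# probe CODE [ARGS...]: run CODE in a restricted bash with a clean environment
# and a PATH that contains no commands; print "allowed" or "blocked".
probe() {
    code=$1
    shift
    if env -i PATH=/nonexistent "$BASH_BIN" --norc --noprofile -r \
        -c "$code" rbash "$@" >/dev/null 2>&1
    then
        echo allowed
    else
        echo blocked
    fi
}

# audit_rbash: print one name=result line per probe.
audit_rbash() {
    tmp=$(mktemp -d) || return 1
    printf 'constructed-secret\n' > "$tmp/secret.txt"

    # Actions restricted mode is documented to refuse.
    echo "cd=$(probe 'cd /')"
    echo "slash_command=$(probe '/bin/true')"
    echo "output_redirect=$(probe 'echo x > "$1"' "$tmp/out.txt")"

    # Reads that need only builtins and input redirection.
    echo "read_substitution=$(probe '[ "$(< "$1")" = constructed-secret ]' "$tmp/secret.txt")"
    echo "read_loop=$(probe 'while read -r l; do [ "$l" = constructed-secret ] || exit 1; done < "$1"' "$tmp/secret.txt")"

    rm -rf "$tmp"
}

audit_rbash
```

Restricted mode does not limit which files the account can read, so that has to come from file permissions or from an isolated filesystem such as the chroot or VM suggested above.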


