Re: The restricted shell can be easily circumvented.

From: Pierre Gaston
Subject: Re: The restricted shell can be easily circumvented.
Date: Sat, 4 Apr 2015 17:23:21 +0300

On Sat, Apr 4, 2015 at 8:22 AM, David Bonner <address@hidden> wrote:
Bash Bug Report

Configuration Information [Automatically generated, do not change]:
Machine: x86_64
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS:  -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu' -DCONF_VENDOR='p$
uname output: Linux LFS-BUILD 3.16.0-23-generic #31-Ubuntu SMP Tue Oct 21 17:56:17 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Machine Type: x86_64-pc-linux-gnu

Bash Version: 4.3
Patch Level: 30
Release Status: release

        The restricted shell opened by calling rbash or bash with the -r or --restricted option can be easily circumvented with the
        command 'chroot / bash' making the restricted shell useless because anyone can get out of it with this command.

        1:Open a restricted shell
        2:Test with 'cd ..'
        3:Use 'chroot / bash'
        4:Test that you are no longer restricted with 'chroot / bash'

This has already been discussed on the mailing list; you should be able to find previous discussions about this and the fact that bash -r is not an all-inclusive solution (e.g. https://lists.gnu.org/archive/html/bug-bash/2012-01/msg00048.html).

However, your example is not a very convincing one: you cannot use "cd" with a restricted shell, so it's not clear what you are really using, and it is obvious that many commands will allow you to not be restricted if they are made available.
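
The point made in the reply above, that a restricted shell is only as restrictive as the commands reachable from it, can be checked by auditing the account's PATH against an allowlist of reviewed commands. This is an added example, not part of the original thread; the function name, the temporary demo directory and the allowlist contents are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): list every executable reachable through
# the PATH given to a restricted-shell account that the administrator has not
# explicitly reviewed. Anything printed is a command the user can run.

# audit_restricted_path PATH_VALUE ALLOWED_NAMES
#   PATH_VALUE     colon-separated PATH configured for the restricted account
#   ALLOWED_NAMES  space-separated command names that have been reviewed
audit_restricted_path() {
    path_value=$1
    allowed=" $2 "
    old_ifs=$IFS
    IFS=:
    for dir in $path_value; do
        IFS=$old_ifs
        # An empty PATH element means the current directory.
        [ -n "$dir" ] || dir=.
        [ -d "$dir" ] || continue
        for f in "$dir"/* "$dir"/.[!.]*; do
            # -f and -x follow symlinks, so links to binaries are reported too.
            [ -f "$f" ] && [ -x "$f" ] || continue
            name=${f##*/}
            case $allowed in
                *" $name "*) ;;                 # reviewed, stay silent
                *) printf '%s\n' "$f" ;;        # reachable but not reviewed
            esac
        done
    done
    IFS=$old_ifs
}

# Constructed demo: a throwaway directory standing in for the account's PATH.
demo_dir=$(mktemp -d)
for cmd in ls cat chroot bash; do
    printf '#!/bin/sh\n' > "$demo_dir/$cmd"
    chmod +x "$demo_dir/$cmd"
done
# Only "ls" and "cat" are on the constructed allowlist.
audit_restricted_path "$demo_dir" "ls cat"
rm -rf "$demo_dir"
```

Run it against the real PATH value that the account's startup files set, and treat any output as a command that still needs review or removal.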
