[Gllug] Limiting SSH access
Richard W.M. Jones
rich at annexia.org
Fri Apr 4 09:20:35 UTC 2003
On Thu, Apr 03, 2003 at 11:00:33PM +0100, John Edwards wrote:
> Setting the user's shell to rbash (restricted bash) and setting $PATH
> to a limited set of program removes a lot of this freedom:
>
> [john at elephant john]$ ../../bin/uptime
> rbash: ../../bin/uptime: restricted: cannot specify `/' in command names
> [john at elephant john]$ export PATH=/sbin:/bin:/usr/sbin:/usr/bin
> rbash: PATH: readonly variable
> [john at elephant john]$ echo 'Evilness' > file
> rbash: file: restricted: cannot redirect output
> [john at elephant john]$ cd ../../
> rbash: cd: restricted
>
> "man bash" has full details on the restricted mode. This problem is
> that it's often *too* restrictive for interactive users, but is good
> for scripted use.
<pedantic>
By using a restricted shell, you're relying on the fact that none
of the programs that you allow the user to execute does this:
(a) ignores $SHELL and runs /bin/sh or /bin/bash,
(b) reads a start-up file which allows environment variables to be set,
and provides shell escapes,
(c) has any buffer overflow on any possible input [a user can use a
buffer overflow on input to cause the executable to exec /bin/sh]
Both are quite hard to check if you give the user are large set of
commands to run.
</pedantic>
I hope this display of pedantry has not harmed anyone's day :-) Now
I'm off to play with my Buffalo WLAN card ...
Rich.
--
Richard Jones, Red Hat Inc. (London office, UK) http://www.redhat.com/
http://www.annexia.org/ Freshmeat projects: http://freshmeat.net/users/rwmj
NET::FTPSERVER is a full-featured, secure, configurable, database-backed
FTP server written in Perl: http://www.annexia.org/freeware/netftpserver/
--
Gllug mailing list - Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug
More information about the GLLUG
mailing list