[Nottingham] What restricted shell for ftp? What idiot-user GUI client?

Martin martin at ml1.co.uk
Fri Feb 2 18:12:17 GMT 2007

Well, this scuppers rbash for any usefulness:


"Finally we come to the restricted shells. The most popular, rbash, is a
restricted bash shell. Setting a user's shell to rbash will provide
absolutely zero security. In theory, rbash will prevent users from
running anything by specifying a full path, including './' (the current
directory). This implies that it's difficult for users to run commands,
including scripts they write or downloaded exploits. Since $PATH is
controlled globally, users can only run things in those locations.
Unfortunately, /bin/ is going to need to be in their path, so all a user
needs to do is run a new shell, and rbash is no longer in the picture:
'exec bash'"

Any (easy-ish) better ways?


Martin Lomas
martin at ml1.co.uk

More information about the Nottingham mailing list