[Nottingham] What restricted shell for ftp? What idiot-user GUI client?

Martin martin at ml1.co.uk
Fri Feb 2 18:12:17 GMT 2007


Well, this scuppers rbash for any usefulness:

http://www.enterprisenetworkingplanet.com/netsecur/article.php/3640521

"Finally we come to the restricted shells. The most popular, rbash, is a
restricted bash shell. Setting a user's shell to rbash will provide
absolutely zero security. In theory, rbash will prevent users from
running anything by specifying a full path, including './' (the current
directory). This implies that it's difficult for users to run commands,
including scripts they write or downloaded exploits. Since $PATH is
controlled globally, users can only run things in those locations.
Unfortunately, /bin/ is going to need to be in their path, so all a user
needs to do is run a new shell, and rbash is no longer in the picture:
'exec bash'"


Any (easy-ish) better ways?

Cheers,
Martin

-- 
----------------
Martin Lomas
martin at ml1.co.uk
----------------
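
An added example, not part of the original post or the quoted article: a defender's audit for the weakness the article describes, listing every shell a restricted account could start by bare name from its $PATH. The function name `audit_restricted_path`, the shell-name list and the sample directories are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the PATH handed to a restricted-shell (rbash) account.
# rbash refuses command names containing '/', but anything reachable by bare
# name through PATH still runs, so a shell in PATH undoes the restriction.

# Assumed list of shell basenames to flag; extend it for the site.
SHELL_NAMES="sh bash dash ksh zsh csh tcsh ash fish"

# audit_restricted_path PATHSTRING
# Prints the full path of every executable shell found in the directories
# of PATHSTRING. Returns 0 if none was found, 1 otherwise.
audit_restricted_path() {
    found=0
    old_ifs=$IFS
    IFS=:
    for dir in $1; do
        IFS=$old_ifs
        # An empty PATH element means the current directory.
        [ -n "$dir" ] || dir=.
        for name in $SHELL_NAMES; do
            if [ -f "$dir/$name" ] && [ -x "$dir/$name" ]; then
                printf '%s\n' "$dir/$name"
                found=1
            fi
        done
        IFS=:
    done
    IFS=$old_ifs
    return "$found"
}

# Constructed sample: a dedicated command directory next to a general one.
demo=$(mktemp -d)
mkdir "$demo/rbin" "$demo/bin"
for f in rbin/ls rbin/sftp bin/ls bin/bash; do
    printf '#!/bin/sh\n' > "$demo/$f"
    chmod +x "$demo/$f"
done
SAFE_PATH="$demo/rbin"
WEAK_PATH="$demo/rbin:$demo/bin"

audit_restricted_path "$WEAK_PATH" || echo "WEAK_PATH exposes a shell"
audit_restricted_path "$SAFE_PATH" && echo "SAFE_PATH exposes no shell"
```

A clean result only means no shell is reachable by name; it does not vouch for the other programs in those directories.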


