 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
I'm not looking to restrict him from commands, just to save him from learning Linux. Actually, he was supposed to be setting up a Linux server for hosting the web pages and the mailing list, but he never got around to it. On 9 Sep 2002 at 12:54, Derek D. Martin wrote: > I don't know of any such thing, but I do want to issue a word of > caution: > > Be aware that if your user is clueful, it's virtually impossible to > write a restricted shell that actually restricts the user to only > those commands. (I suspect that the reason you want such a thing is > because your user is NOT clueful, but I'll continue my thoughts under > the assumption that I'm wrong.) > > For a restricted shell to be successful, you must not allow the user > access to any commands that can be used to get a shell. So for > example, most editors are out. You must also not allow the user to be > able to modify their environment, so now the rest of your editors are > out, and you also need to make their home directory read-only. A > partial discussion as to why this is the case is here: > > http://www.pizzashack.org/rssh/security.html > > The attack that I describe here is far from the only one. A user > might also be able to modify their environment by changing the PATH > variable, potentially causing an arbitrary program to be run, in the > event that some program they can run is not specified by full path, or > is a script which contains commands that are not fully specified. Etc. > > - -- > Derek Martin ddm at pizzashack.org > - --------------------------------------------- > I prefer mail encrypted with PGP/GPG! > GnuPG Key ID: 0x81CFE75D > Retrieve my public key at http://pgp.mit.edu > Learn more about it at http://www.gnupg.org > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.0.6 (GNU/Linux) > Comment: For info see http://www.gnupg.org > > iD8DBQE9fNJXdjdlQoHP510RAisnAJ9DAVyFMhszvYR9vrLfQOgZIKz9kQCgvUsU > TT5OiViKla9scZPEWhoQv/s= > =n9eY > -----END PGP SIGNATURE----- > _______________________________________________ > Discuss mailing list > Discuss at blu.org > http://www.blu.org/mailman/listinfo/discuss -- Jerry Feldman <gaf at blu.org> Associate Director Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
