Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!harbinger.cc.monash.edu.au!simtel!lll-winken.llnl.gov!uwm.edu!vixen.cso.uiuc.edu!howland.reston.ans.net!Germany.EU.net!zib-berlin.de!news.tu-chemnitz.de!irz401!uriah.heep!news From: j@uriah.heep.sax.de (J Wunsch) Newsgroups: comp.unix.bsd.freebsd.misc Subject: Re: Restricted shell in FreeBSD? Date: 23 Nov 1995 22:25:55 GMT Organization: Private BSD site, Dresden Lines: 17 Message-ID: <492sdj$r6g@uriah.heep.sax.de> References: <48dc2k$aki@maui.cc.odu.edu> <48ki66$ktk@uriah.heep.sax.de> <DIAr9y.1np@thor.shn.com> Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch) NNTP-Posting-Host: localhost.heep.sax.de Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Newsreader: knews 0.9.3 hw@thor.shn.com (Henning Wickhorst) writes: > But be very careful in trusting its secure promises. If the user's > PATH includes '/bin' for example, he can execute 'sh' and he has a > non restricted shell. More generally, if the user has any opportunity to create an executable on the system (run csh, drop a uuencoded binary, unpack a tar archive, compile a C program etc.), he can quickly bypass the restrictions. -- cheers, J"org joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE Never trust an operating system you don't have sources for. ;-)