Re: Restricted Shells or Menu Based Shells

• Previous message: Terrence Martin: "Restricted Shells or Menu Based Shells"
• In reply to: Terrence Martin: "Restricted Shells or Menu Based Shells"
• Next in thread: Derek D. Martin: "Re: Restricted Shells or Menu Based Shells"
• Next in thread: Sumit Dhar: "Re: Restricted Shells or Menu Based Shells"
• Reply: Derek D. Martin: "Re: Restricted Shells or Menu Based Shells"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 21 Feb 2002 17:34:12 -0800
From: Seth Arnold <sarnold@wirex.com>
To: focus-linux@securityfocus.com

On Wed, Feb 20, 2002 at 03:23:21PM -0700, Terrence Martin wrote:
> Can anyone recommend a good restricted or menu based shell?

Note that your life may be significantly easier if you put all untrusted
users in one group, trusted users in another group, and fiddle with
group and world execute permissions on all the executables on your
system. The executables anyone can run (e.g., pine) can be made world
executable. The executables only trusted users can run can be made owned
by their group, and group executable.

This prevents the execution at the kernel level, rather than hoping that
the executed programs don't have other ways of executing files.

Given that, I think I have seen both 'wsh' and 'lush' in use as
menu-based shells before.

Cheers

-- 
"I'm not sure which upsets me more: that people are so unwilling
to accept responsibility for their own actions, or that they are
so eager to regulate everyone else's." -- Kee Hinckley

• application/pgp-signature attachment: stored

• Previous message: Terrence Martin: "Restricted Shells or Menu Based Shells"
• In reply to: Terrence Martin: "Restricted Shells or Menu Based Shells"
• Next in thread: Derek D. Martin: "Re: Restricted Shells or Menu Based Shells"
• Next in thread: Sumit Dhar: "Re: Restricted Shells or Menu Based Shells"
• Reply: Derek D. Martin: "Re: Restricted Shells or Menu Based Shells"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: [ Attn: Randy ] Ad-hoc Parsing? ... I think you're getting confused by the fact that the Bourne shell (sh, ... If your scripting language is incapable of dropping arbitrary data ... that this also is possible with bash scripts. ... That includes executables of all types. ... (alt.lang.asm) Re: is something wrong in it? ... >>Your shell will look for executables in the directories listed in the $PATH ... > am giving mfold command. ... mfold executable and the shell interpreter tries to locate the mfold ... (comp.os.linux.misc) Re: is something wrong in it? ... > Your shell will look for executables in the directories listed in the $PATH ... Is that means I didnt install thing properly?thanks ... Prev by Date: ... (comp.os.linux.misc) Re: is something wrong in it? ... > Your shell will look for executables in the directories listed in the $PATH ... am giving mfold command. ... Prev by Date: ... (comp.os.linux.misc) Re: errorlevel ... The application test shell I've written runs a couple of simple batch ... files to return errorlevels. ... >> parameters to run each console app. ... >> the console executables in each case. ... (microsoft.public.dotnet.languages.vb)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint