- Path: sparky!uunet!pacsoft!mike
- From: mike@pacsoft.com (Mike Stefanik)
- Newsgroups: comp.os.coherent
- Subject: Re: Who are you?
- Message-ID: <1347@pacsoft.com>
- Date: 14 Aug 92 17:29:55 GMT
- References: <iw47oB2w164w@dadoka.h.ni.schule.de> <92081262@umunk.GUN.de>
- Organization: Pacific Software Group, Riverside, Ca.
- Lines: 35
-
- In article <92081262@umunk.GUN.de> udo@umunk.GUN.de (Udo Munk) writes:
- >Rsh is a copyrighted program from AT&T for System V, as far as I know there
- >is no public domain version of it available.
-
- Typically /bin/rsh is nothing more than a hard link to /bin/sh. Anyone
- with one of the freely available Bourne-like shells, and the interest in
- doing so, could make a restricted shell; all in all, it's a rather trivial
- extension. The rules are pretty basic:
-
- - do not execute commands when argv[0] contains a path;
- thus the command "/bin/ls" would not be allowed, but "ls"
- would be
-
- - do not allow the user to modify "special" environment
- variables (i.e.: SHELL, PATH, HOME, LOGNAME); for additional
- security, you would probably want to make the variables
- EDITOR, VISUAL, MAIL and read-only as well
-
- - do not allow the builtin command 'cd'
-
- - do not allow output redirection with '>' or '>>'
-
- - if interrupted while in /etc/profile or $HOME/.profile,
- die immediately; this is because no restrictions are
- enforced until after these startup scripts have been
- processed
-
- - if the command being executed is a shell script or function,
- use /bin/sh (since there are no restrictions, scripts
- should be carefully reviewed before giving restricted users
- access to them)
-
- --
- Mike Stefanik mike@pacsoft.com ...!uunet!pacsoft!mike (+1 714 681 2623)
- Pacific Software Group, Riverside, CA
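
The first four rules listed in the post above, written out as an added C example (not part of the original post and not taken from any shipped shell). The names `rsh_check`, `verdict`, `assign_name_len` and `is_protected` are hypothetical, and the code assumes a single whitespace-separated command line with no quoting, pipes or `;`. The rules about interrupted startup scripts and about scripts running under /bin/sh are not covered.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Verdicts for one simple command line (quoting, pipes and ';' not modelled). */
enum verdict { ALLOW, DENY_PATH, DENY_VAR, DENY_CD, DENY_REDIRECT };

static const char *const protected_vars[] = {  /* the post's list, extras included */
    "SHELL", "PATH", "HOME", "LOGNAME", "EDITOR", "VISUAL", "MAIL", NULL
};

/* Length of NAME if w begins a shell assignment NAME=value, else 0. */
static size_t assign_name_len(const char *w)
{
    size_t n = 0;
    while (isalnum((unsigned char)w[n]) || w[n] == '_')
        n++;
    return (n > 0 && !isdigit((unsigned char)w[0]) && w[n] == '=') ? n : 0;
}

static int is_protected(const char *name, size_t n)
{
    for (int i = 0; protected_vars[i] != NULL; i++)
        if (strlen(protected_vars[i]) == n && !strncmp(name, protected_vars[i], n))
            return 1;
    return 0;
}

/* Apply the post's first four rules to a whitespace-separated command line. */
enum verdict rsh_check(const char *line)
{
    int have_cmd = 0;
    if (strchr(line, '>') != NULL) return DENY_REDIRECT;  /* '>' and '>>' */
    for (const char *p = line;; p += strcspn(p, " \t\n")) {
        p += strspn(p, " \t\n");
        size_t len = strcspn(p, " \t\n"), n = assign_name_len(p);
        if (len == 0) return ALLOW;            /* end of line, nothing refused */
        if (n > 0 && is_protected(p, n)) return DENY_VAR;  /* also as an argument */
        if (have_cmd || n > 0) continue;       /* argument or harmless NAME=value */
        have_cmd = 1;                          /* this word is argv[0] */
        if (memchr(p, '/', len) != NULL) return DENY_PATH;
        if (len == 2 && memcmp(p, "cd", 2) == 0) return DENY_CD;
    }
}

int main(void)
{
    printf("%d %d\n", rsh_check("ls -l"), rsh_check("/bin/ls")); /* constructed inputs */
    return 0;
}
```

The check is deliberately conservative: a `>` inside quotes or a protected `NAME=value` passed as an ordinary argument is refused as well.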
-