LinuxSA Mailing list archives

  From: Alan Kennington <akenning@dog.topology.org>
  To  : LinuxSA <linuxsa@linuxsa.org.au>
  Date: Mon, 6 Nov 2000 18:43:23 +1030

restricted shell recommendation?

Can anyone recommend an off-the-shelf restricted shell?

I've looked up in the book "Linux system security"
by Scott Mann and Ellen Mitchell (Prentice Hall),
and found instructions on how to make up a secure shell 
of sorts from a korn shell with the -r parameter,
using a short C program which can be used in /etc/passwd.

That's sort of okay, but I woudl have preferred something
that is specifically intended for this purpose rather than
copying a short program from a book.

Also, the solution in the book does not do a chroot to
constrain the path, which maybe is not so much of a problem.
Maybe doing a chroot is a bad thing because then you have to copy
all the necessary binary files  into the user's directory.

The real problem is that I want users to be able to
use "scp" to do file transfers, but not to be able to
wander around and look at everything and do nasty things
like getting "r00t shellz".

Unfortunately, scp uses ssh to execute an "scp" process on
the server machine, or so it seems.
So you can't turn off ssh if you want scp to be permitted.
This is real problem, in my opinion, which reduces the
security of ssh.

Cheerio,
Alan Kennington.

PS. Does anyone know where to get a simple MIDI disassembler?
I can't find any that work. There was one that needed Gnome,
but I don't use Gnome (yet).

-- 
LinuxSA WWW: http://www.linuxsa.org.au/  IRC: #linuxsa on irc.linux.org.au
To unsubscribe from the LinuxSA list:
  mail linuxsa-request@linuxsa.org.au with "unsubscribe" as the subject