Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.csd.uwm.edu!gem.mps.ohio-state.edu!ginosko!uunet!mcsun!ukc!axion!galadriel!pcf
From: pcf@galadriel.bt.co.uk (Pete French)
Newsgroups: comp.unix.questions
Subject: Re: Restricted Shell - does it still exist.
Message-ID: <329@galadriel.bt.co.uk>
Date: 23 Aug 89 08:42:21 GMT
References: <443@siswat.UUCP>
Organization: RT6115, BTRL, Martlesham Heath, England
Lines: 29

From article <443@siswat.UUCP>, by buck@siswat.UUCP (A. Lester Buck):
> In article <323@galadriel.bt.co.uk>, I wrote ...
> > The restricted shell can, luckily, still be run. You just invoke it with
> > a '-r' option. So put in your user's .profile ...
> >
> > exec sh -r
> >
> > And he will have a restricted shell.
>
> /bin/rsh enforces its restrictions after the .profile is executed, and any
> BREAK or DELETE actions by the user during .profile processing result in his
> being logged off. A persistent rsh user could break out of this scheme
> without much trouble by leaning on his interrupt key.

Ummm...so write a C program to exec /bin/sh with the name "rsh" and make
that the login shell for the user. That should be safe.

There is an art to breaking restricted shells anyway - I am sure a persistent
rsh user will suss out a way round it sooner or later. I had a friend once who
was very good at this sort of thing: defining shell functions provided an
interesting escape route...

-Pete.

--
-Pete French.                   |
British Telecom Research Labs.  | "The carefree days are distant now,
Martlesham Heath, East Anglia.  |  I wear my memories like a shroud..."
All my own thoughts (of course) |                      -SIOUXSIE
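The wrapper the post suggests, written out as an added example (not code from the post or its author). It assumes, as the post does, that /bin/sh goes restricted when invoked under the name "rsh"; the program name rshwrap and the directory /usr/rbin are hypothetical, and passing on login's leading '-' and a fixed environment are choices of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define REAL_SHELL "/bin/sh"     /* the shell the post says to exec */
#define SAFE_PATH  "/usr/rbin"   /* hypothetical directory of permitted commands */

/* Name handed to the shell as argv[0]: "rsh", keeping the leading '-'
 * that login puts on our own argv[0] to mark a login shell. */
const char *shell_name(const char *own_argv0)
{
    return (own_argv0 != NULL && own_argv0[0] == '-') ? "-rsh" : "rsh";
}

/* Fill envp (at least 3 slots) with a fixed environment; HOME is built
 * in buf and is the only value taken from the caller, PATH is a constant.
 * Returns the number of variables set, or -1 if buf is too small. */
int build_env(const char *home, char *buf, size_t len, char **envp)
{
    int n = snprintf(buf, len, "HOME=%s", home != NULL ? home : "/");
    if (n < 0 || (size_t)n >= len)
        return -1;
    envp[0] = "PATH=" SAFE_PATH;
    envp[1] = buf;
    envp[2] = NULL;
    return 2;
}

int main(int argc, char **argv)
{
    char home[1024];
    char *envp[3];
    char *args[2];

    (void)argc;
    if (build_env(getenv("HOME"), home, sizeof home, envp) < 0) {
        fputs("rshwrap: HOME too long\n", stderr);
        return 1;
    }
    args[0] = (char *)shell_name(argv[0]);
    args[1] = NULL;
    execve(REAL_SHELL, args, envp);   /* returns only on failure */
    perror("rshwrap: " REAL_SHELL);
    return 127;
}
```

Installed as the account's login shell, the wrapper hands the shell its restricted name and a known PATH from the first instruction it runs.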