Path: utzoo!attcan!uunet!husc6!uwvax!oddjob!gargoyle!att!alberta!calgary!xenlink!deraadt
From: deraadt@xenlink.UUCP (Theo A. DeRaadt)
Newsgroups: comp.unix.xenix
Subject: Re: Security
Summary: Do it by setting SHELL= to something stupid
Keywords: Security
Message-ID: <179@xenlink.UUCP>
Date: 10 Sep 88 10:02:47 GMT
References: <4@raider.UUCP> <288@hawkmoon.MN.ORG>
Organization: Uncle Gonzo's Farm Animals
Lines: 65

In article <288@hawkmoon.MN.ORG>, det@hawkmoon.MN.ORG (Derek E. Terveer) writes:
> In article <4@raider.UUCP>, root@raider.UUCP (Bob Reineri) writes:
> > They can use shell commands from within either vnews of vi and do anything  
> > their heart desires (within normal system security, of course). Well, this
> > just won't work ! I know there is a 'red' editor, but I hate to confine them
> > to that. 
...
> I can't help with vnews or vi (i wish there was an "rvi" ! (for those of us w/o
> the source code that is!)), but if you happen to let them use less, the public
> domain version (4.0, i believe) has a compile time option that allows/disallows
> shell escapes.  Simply turn this off. (0)


What you want to do is write a wrapper for each program they use that does
the approximately the following:

/* this program is called "umacs", in some other directory that rsh has
 * access to. It is really actually "umacs_wrapper"
 */
#define REAL_PROGRAM "/usr/bin/umacs"
#define NEWENV 2
char table[NEWENV][] = {		/* whatever you want */
    "SHELL=/bin/echo",
    "USERNAME=idiot"
};

main(argv, argc, envp)
    char *argv[];
    int argc;
    char *envp[];
{
    int i, j;
    char **newenv;

    for(i=0; envp[i]; i++) ;

    newenv = (char **)malloc( (i+NEWENV) * sizeof(int));

    for(j=0; j<NEWENV; j++)		/* ours first, sequential search */
	newenv[j] = table[j];
    for(i=0; envp[i]; i++)
	newenv[i+NEWENV] = envp[i];

    argv[0] = REAL_PROGRAM;

    execv(argv, argc, newenv);
}


Basically........, this is what it does:

It copies the old process environment after a new one that we have set up,
which makes the user have a restricted environment. Look at the table and
see what I make his 'shell' - this means that if from umacs he does an
'pause-emacs' he will get almost nowhere!

One thing for you to deal with - I have been up for 24 hours now, and I am
going to sleep now - but this should give you the basics and maybe you can
do it yourself or reach someone else who can read the manuals and figure it
out. The basics are there........ ZZZZzzzz....
---
_____                 _                   -------------------------------------
  / /            /   / \ _   _      /_/_  Theo de Raadt:         (403) 289-4620
 / /_ _  ___  __/_  /__/ _\  _\  __/ /    Xenix386 login:        (403) 295-2541
/ / /</_(_)  (_/</_/  \_(_/\(_/\(_/_(_/   ihnp4!alberta!calgary!xenlink!deraadt