Path: utzoo!utgpu!watmath!clyde!att!ulysses!andante!alice!debra
From: debra@alice.UUCP (Paul De Bra)
Newsgroups: comp.unix.wizards
Subject: Re: Restricted shell (was Re: rsh environment)
Keywords: no /etc/profile sourced?
Message-ID: <8604@alice.UUCP>
Date: 26 Dec 88 17:18:18 GMT
References: <1276@uwbull.uwbln.UUCP> <14640@cisunx.UUCP> <901@philmds.UUCP>
Reply-To: debra@alice.UUCP ()
Organization: AT&T, Bell Labs
Lines: 37

In article <901@philmds.UUCP> leo@philmds.UUCP (Leo de Wit) writes:
>...
>Definitely. The guy said bsd. 'rsh' was also a surprise to me when I
>first worked in a System V environment.
>
>The BSD /bin/sh has also a notion of restriction, although I never saw
>it documented (not in sh(1) nor in S. R. Bourne's 'An Introduction to
>the UNIX Shell').
>...
>I'm interested both in what restriction means in System V, and whether
>there is any documentation about -r (set -r, sh -r) for the BSD /bin/sh.
>Furthermore I'm interested in hearing about its use (for what, and how).
>
>        Leo.

The restricted shell "is used to set up login names and execution
environments whose capabilities are more controlled than those of the
standard shell" (System V user manual).

There are (according to the manual) 4 things that are disallowed:
- changing directory
- setting $PATH
- specifying path or command names containing /
- redirecting output (both > and >>)

The reason why the restricted shell is dying away is that it is SO easy
to bypass...

(Since most readers of this newsgroup have sufficient imagination to become
a "cracker" but enough discipline to refrain from such activities I don't
think I have to sketch a scenario to break out of the restricted environment)

Paul.
-- 
------------------------------------------------------
|debra@research.att.com   | uunet!research!debra     |
------------------------------------------------------