Path: utzoo!censor!becker!bdb
From: bdb@becker.UUCP (Bruce Becker)
Newsgroups: comp.unix.wizards
Subject: Re: Restricted shell (was Re: rsh environment)
Keywords: no /etc/profile sourced?
Message-ID: <193@becker.UUCP>
Date: 1 Jan 89 20:04:08 GMT
References: <1276@uwbull.uwbln.UUCP> <14640@cisunx.UUCP> <901@philmds.UUCP> <278@dcs.UUCP> <425@aurora.auvax.uucp>
Reply-To: bdb@becker.UUCP (Bruce Becker)
Organization: G. T. S., Toronto, Ontario
Lines: 23

In article <425@aurora.auvax.uucp> lyndon@auvax.UUCP (Lyndon Nerenberg) writes:
> [ example of security hole in 'rsh' ]
>The only way to make this work properly is to modify sh to always run
>restricted mode, and make sure the users path has this version of
>sh in front of /bin/sh. You can also make sh a disabled 'builtin'
>command when you're running restricted. Either way, shell scripts
>start to act strange ...


	In some versions of 'sh/rsh', the environment variable
	"$SHELL" is special - if it ends with the string 'rsh',
	then the restrictions are in force no matter whether one
	entered as 'sh' or 'rsh'. "$SHELL" becomes readonly as well.

>Lyndon Nerenberg   Computing Services   Athabasca University
>{alberta, attvcr, ncc}!auvax!lyndon  ||  lyndon@nexus.ca

Cheers,
-- 
   _  _/\	Bruce Becker	Toronto, Ont.
   \`o O|	Internet: bdb@becker.UUCP, bruce@gpu.utcs.toronto.edu
    \(")/	BitNet:   BECKER@HUMBER.BITNET
---mm-U-mm---	"The OSF is suffering from Penix envy" - Rocky Raccoon