Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!dino!ux1.cso.uiuc.edu!ux1.cso.uiuc.edu!m.cs.uiuc.edu!carey
From: carey@m.cs.uiuc.edu
Newsgroups: comp.unix.wizards
Subject: Secure (regular) Scripts_
Message-ID: <9100020@m.cs.uiuc.edu>
Date: 19 Dec 89 01:31:51 GMT
Lines: 21
Nf-ID: #N:m.cs.uiuc.edu:9100020:000:1071
Nf-From: m.cs.uiuc.edu!carey    Dec 18 10:42:00 1989


I have made a  guest login on one of our machines, for outside people
to get access to some notesfiles and send mail to users and things like
that.  It runs a shell script (bourne shell), which allows the guest
user to choose from a menu of things to do.

I want to keep people in this shell script, and not allow them to have
access to a regular shell.  One thing I have tried to prevent is having
people send interrupts and things like that to interrupt the shell
script.

Another big problem is that many things, like notes, mail, and even editors,
have "shell escapes" built into them.

Is there any way to prevent people from using these shell escapes, or at least
having them not be able to do anything once they have done it?  Do I have to 
rewrite mail and editors, to disable the shell escapes?  I wanted to avoid
using the "rsh" (restricted shell) since that is kind of an administrative 
hassle.  It would be better than rewriting editors.  The best thing would
be some kind of trick to have them end up in a black hole somewhere when
they do a shell escape.