nolan@tssi.UUCP (Michael Nolan) (07/20/90)
I'm trying to set up some restricted accounts on my NCR Tower/450 running SysV.2 (NCR version 2.01.00). When I try to use /usr/bin/mailx, I get the following message: sh: /usr/ucb/more: restricted whenever I try to read a letter longer than 20 lines or so. I'm assuming this is because mailx is trying to use more and can't, because rsh doesn't allow execution of programs with paths using '/'. I've looked through the documentation and can't see anything of any help. Putting /usr/ucb in the PATH for the restricted user doesn't help. Other than going to /bin/mail, the only other mail program I have, are there any solutions to this problem? ------------------------------------------------------------------------------ Mike Nolan "I don't know what apathy is, Tailored Software Services, Inc. and I don't want to find out!" Lincoln, Nebraska (402) 423-1490 UUCP: tssi!nolan should work, if not try something like uunet!frith!upba!tssi!nolan
wescott@Columbia.NCR.COM (Mike Wescott) (07/21/90)
In article <1733@tssi.UUCP> nolan@tssi.UUCP (Michael Nolan) writes: > I'm trying to set up some restricted accounts Don't rely on rsh to be very secure, I've been told that it is fairly easy to break. > When I try to use /usr/bin/mailx, I get the following message: > sh: /usr/ucb/more: restricted > I'm assuming this is because mailx is trying to use more and can't, because > rsh doesn't allow execution of programs with paths using '/'. Correct. I suspect that the environment variable PAGER is set to /usr/ucb/more. Change it so that it is no longer an absolute pathname and it should work. -- -Mike Wescott mike.wescott@ncrcae.Columbia.NCR.COM
tif@doorstop.austin.ibm.com (Paul Chamberlain) (07/21/90)
I doubt this has anything to do with ncr... In article <1733@tssi.UUCP> nolan@tssi.UUCP (Michael Nolan) writes: >When I try to use /usr/bin/mailx, I get the following message: > sh: /usr/ucb/more: restricted Try setting PAGER=more and making sure more is in the search path. There may also be an option in mailx to set the pager to something or maybe even to disable it. Paul Chamberlain | I do NOT represent IBM tif@doorstop, sc30661@ausvm6 512/838-7008 | ...!cs.utexas.edu!ibmaus!auschs!doorstop.austin.ibm.com!tif
nolan@tssi.UUCP (Michael Nolan) (07/24/90)
Thanks to several persons for the info on the PAGER variable. I had to change it in the /usr/lib/mailx/mailx.rc file, but now the pager works OK. However, now I get the following message when exiting mailx: sh: /usr/lib/mailx/rmmail: restricted PS: I know that rsh is not very secure, but it's at least a little bit more secure than sh. Does anybody know a more secure shell? I'm not so much interested in defeating the bad guys, most of whom know more about unix that I ever want to know, but in keeping amateurs (non-programmers) from doing something that messes up somebody else's work. Mike Nolan
cudcv@warwick.ac.uk (Rob McMahon) (07/24/90)
In article <2834@awdprime.UUCP> tif@doorstop.austin.ibm.com (Paul Chamberlain) writes: >In article <1733@tssi.UUCP> nolan@tssi.UUCP (Michael Nolan) writes: >>When I try to use /usr/bin/mailx, I get the following message: >> sh: /usr/ucb/more: restricted > >Try setting PAGER=more and making sure more is in the search path. But doesn't this blow away the whole point of using rsh, because you can get out of more into vi via `v', set your shell to anything you want, and then shell out ... (speaking as a BSD user who only remembers rsh from days of abortively trying to make a secure environment). As I recall we couldn't allow any mail readers or pagers, and the only editor we could give out was ed ... real useful. Rob -- UUCP: ...!mcsun!ukc!warwick!cudcv PHONE: +44 203 523037 JANET: cudcv@uk.ac.warwick INET: cudcv@warwick.ac.uk Rob McMahon, Computing Services, Warwick University, Coventry CV4 7AL, England
jon@savant.UUCP (Jon Gefaell) (07/25/90)
In article <1733@tssi.UUCP> nolan@tssi.UUCP (Michael Nolan) writes: >I'm trying to set up some restricted accounts on my NCR Tower/450 running >SysV.2 (NCR version 2.01.00). > >When I try to use /usr/bin/mailx, I get the following message: > sh: /usr/ucb/more: restricted >whenever I try to read a letter longer than 20 lines or so. Uhm, try putting commands that you want available to users in the rsh in the /usr/rbin directory, you _did_ rtfm, right? *sigh* -- +----------- Domain? DOMAIN? We Don't Need No Steeeenkin' Domain! -----------+ | __/\ | | \/~~ | +-savant!jon@virginia.edu {...}!uunet!virginia!savant!jon jeg7e@virginia.edu-+
harris@sauron.Columbia.NCR.COM (Ray Harris) (07/25/90)
In article <1738@tssi.UUCP> nolan@tssi.UUCP (Michael Nolan) writes: >Thanks to several persons for the info on the PAGER variable. I had to >change it in the /usr/lib/mailx/mailx.rc file, but now the pager works OK. > >However, now I get the following message when exiting mailx: > >sh: /usr/lib/mailx/rmmail: restricted > >Mike Nolan The man page discussion of rsh suggests setting up /usr/rbin and putting it in the rsh user's PATH (This must be done in the .profile). You can then create links to the appropriate commands that the user needs to execute. If you make /usr/rbin the entire PATH, this gives better control over what the user can execute, i.e., he can't execute everything in /usr/ucb, only those commands that are linked into /usr/rbin. We've done this on a 32/800 here, and it seems to work well. Ray Harris -- ray.harris@Columbia.NCR.COM (Ray Harris) ...!uunet!ncrlnk!ncrcae!harris ...!gatech!hubcap!ncrcae!harris
tif@doorstop.austin.ibm.com (Paul Chamberlain) (07/26/90)
In article <1990Jul24.141800.15561@warwick.ac.uk> cudcv@warwick.ac.uk writes: >In article <2834@awdprime.UUCP> tif@doorstop.austin.ibm.com writes: >>Try setting PAGER=more and making sure more is in the search path. >But doesn't this blow away the whole point of using rsh, because you can ... Yes, but I thought that that was sufficiently complicated that I did not want to spoil it for others. That one little hole kinda ruins rsh. That was why I mentioned that they might disable the pager. At least they could still use mail (no editor though). Paul Chamberlain | I do NOT represent IBM tif@doorstop, sc30661@ausvm6 512/838-7008 | ...!cs.utexas.edu!ibmaus!auschs!doorstop.austin.ibm.com!tif
nolan@tssi.UUCP (Michael Nolan) (07/26/90)
In article <2911@awdprime.UUCP>, tif@doorstop.austin.ibm.com (Paul Chamberlain) writes: > That was why I mentioned that they might disable the pager. At least > they could still use mail (no editor though). Ever tried to read a long e-mail without a pager? Disabling it is not a viable solution. So, why isn't there a 'dumb' pager, one that pages and *nothing* else! It seems stupid to point out a hole in unix security, and then have the only solution be to disable the bugger causing it. Surely sombody out there could hack together a pager. (How about a contest for the *shortest* C program that works as a 'dumb' pager? Sounds like a great item for the 1991 obfuscated C code contest!) ------------------------------------------------------------------------------ Mike Nolan "To err is human, to forgive Tailored Software Services, Inc. is divine, to procrastinate is, Lincoln, Nebraska (402) 423-1490 um, can I get back to you on that?" UUCP: tssi!nolan INTERNET: nolan@pythia.unl.edu (only if the other address doesn't work)
tif@doorstop.austin.ibm.com (Paul Chamberlain) (07/30/90)
In article <1741@tssi.UUCP> nolan@tssi.UUCP (Michael Nolan) writes: >In article <2911@awdprime.UUCP>, tif@doorstop.austin.ibm.com (Paul Chamberlain) writes: >> That was why I mentioned that they might disable the pager. At least >> they could still use mail (no editor though). >Ever tried to read a long e-mail without a pager? ... Yes. Ever heard of CTRL-S? >It seems stupid to point out a hole in unix security, and then have the >only solution be to disable the bugger causing it. Don't shoot the messenger. If the bug doesn't bother you, let them use a pager. I seem to recall that one of the original options was to turn off mail. That seems a little drastic, so I provided another solution. Ok, here's two more possible solutions: EDITOR=false or EDITOR=ed (I think more uses this variable ...) or PAGER=less (compiled with the editor option turned off or in combination with the above EDITOR environment variable) >(How about a contest for the *shortest* C program that works as a 'dumb' pager? >Sounds like a great item for the 1991 obfuscated C code contest!) Hmmm.... Paul Chamberlain | I do NOT represent IBM tif@doorstop, sc30661@ausvm6 512/838-7008 | ...!cs.utexas.edu!ibmaus!auschs!doorstop.austin.ibm.com!tif
shwake@raysnec.UUCP (Ray Shwake) (08/01/90)
>>In article <2911@awdprime.UUCP>, tif@doorstop.austin.ibm.com (Paul Chamberlain) writes: >>> That was why I mentioned that they might disable the pager. At least >>> they could still use mail (no editor though). Of course, one can prevent access to the shell through the editor using a number of techniques, viz: 1) If you have access to the editor source code, simply choose the no-shell option (we do this with the public-domain 'less' pager); 2) Using a binary editor or a suitable C program, overwrite relevant strings to prevent shell access. We've used the latter approach, together with a redefinition of SHELL to something innocuous on rsxtech, and no one has broken through yet.