govern@houxf.UUCP (06/29/83)
I'm looking for a restricted shell equivalent to rsh, so I can have a fairly crippled login with a widely known password. Does this exist under 4.1BSD? Thanks
Bill Stewart
houxf!govern
BTL-Holmdel
goldfarb@ucf-cs.UUCP (06/29/83)
The Bourne shell distributed with 4.1bsd has the restricted shell code in it. All you have to do is include the line 'rflag=0' in the initialization code in main.c. Then make sure you set up .profile in the home directory of the restricted login so that it sets PATH to just the home directory (or some other one where you don't keep 'dangerous' binaries). rsh won't allow "chdir'ing," running binaries whose names start with '/', etc.
--
Ben Goldfarb
uucp: ...!duke!ucf-cs!goldfarb
ARPA: goldfarb.ucf-cs@Rand-Relay
smk@linus.UUCP (Steven M. Kramer) (06/30/83)
The one thing you have to be concerned about is programs with shell escapes. Those that give you a particular shell (rather than your login shell) are dangerous and have to be avoided in the 4.1 rsh.
--
--steve kramer
{allegra,genrad,ihnp4,utzoo,philabs,uw-beaver}!linus!smk (UUCP)
linus!smk@mitre-bedford (ARPA)
kalash@ucbcad.UUCP (06/30/83)
#R:houxf:-35000:ucbcad:2600003:000:395 ucbcad!kalash Jun 30 09:31:00 1983
Actually the '-r' option to /bin/sh makes an almost useless restricted shell. While you can't execute programs that begin with '/', you CAN change your PATH variable. This sort of removes a lot of the restrictions. Does anyone know about all the things sh will restrict? As far as I have ever been able to determine it is a totally undocumented feature of the shell (at least on 4.x).
Joe
guy@rlgvax.UUCP (07/02/83)
The System III manual lists "rsh" as restricting:
the cd command
setting $PATH
commands with names containing /
> and >>
Also, while the .profile is running, those restrictions are not enforced,
but any attempt to interrupt out of the .profile causes an immediate exit
(why not just disable interrupts?).
From poking over the V7 shell (and discovering that "rsh" and the builtin
"test" command were there - or most of them, anyway), I found that
the only member of the above list not enforced by the V7 "rsh" is the
setting of $PATH; I believe the theory was that the .profile would say
"readonly PATH". Is there a reason why the USG "rsh" hardwires in this
restriction?
Note that USG UNIX provides the same SHELL environment variable as 4.1BSD
does; the USG "ed" uses this to decide if it's a "restricted ed" or not.
"Restricted ed" prohibits any execution of UNIX commands, or any reference
to files with a / in their name. The editor is restricted if the SHELL
environment variable exactly equals "/bin/rsh" or if the editor was invoked
as "red".
Guy Harris
{seismo,mcnc,we13,brl-bmd,allegra}!rlgvax!guy
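An added example, not posted by anyone in the thread, putting Ben Goldfarb's .profile advice (PATH pinned to one directory of harmless binaries) together with Guy Harris's "readonly PATH" idea, plus checks that the setup actually holds; the directory /usr/rbin is an assumed name, and the functions are my own, not part of any shell distribution.

```sh
#!/bin/sh
# Restricted-login .profile helpers (example code, not from the thread).
# The restricted account's PATH is pinned to a single directory that holds
# only commands without shell escapes (which ones is a separate audit, as
# Steve Kramer notes), then marked readonly so the user cannot widen it.

# Check that a PATH value names exactly one absolute directory, which is what
# the restricted login's .profile should set. Returns 1 for an empty PATH,
# several components, or a relative entry such as "." that would let the
# user run binaries out of any directory they can write to.
path_is_single_dir() {
    case $1 in
        ''|*:*|[!/]*) return 1 ;;
    esac
    return 0
}

# What the .profile does: pin PATH to one directory and lock it.
lock_path() {
    PATH=$1
    export PATH
    readonly PATH
}

# Returns 0 when PATH can no longer be reassigned. The attempt is made in a
# subshell because some shells (dash, sh in POSIX mode) treat assignment to a
# readonly variable as a fatal error and exit; the failure is what we want.
path_is_locked() {
    ( PATH=/tmp ) 2>/dev/null && return 1
    return 0
}

# Run the full sequence in a subshell so the caller's own PATH is untouched:
# lock PATH to the given directory, then confirm a later attempt to widen it
# fails. Returns 0 when the lock held.
demo_lock_holds() {
    (
        lock_path "$1"
        path_is_locked
    )
}

# Demonstration with the assumed restricted bin directory.
if path_is_single_dir /usr/rbin && demo_lock_holds /usr/rbin; then
    echo "restricted PATH setup for /usr/rbin holds"
fi
```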