[clug] Wanted: Developer to securely implement a restricted SSH shell

Nathan O'Sullivan nathan at mammoth.com.au
Mon Jan 4 15:19:15 MST 2010


> Do Linux'es allow 'setuid/gid' on shell scripts?
> I thought I read somewhere they don't... (in the context of creating
> 'non-portable' scripts)
>    
No, they don't - the setuid bit is ignored on scripts.

> I can't see a way around using 'sudo' or similar on Dom0.
>    
I dont have to use sudo, but I have no problem with using it either. If 
anything, I'd lean towards using it rather than elevating the 
permissions of my custom shell/binary.

> Perhaps your request is not so much you want an SSH client (Andrew
> Janke's post covers containing ssh-keys), but a way to (securely)
> convert simple shell scripts into binaries...
>    



A number of people have suggested utilising the authorized_keys command 
value and/or compiling a binary, but to my mind this doesnt actually 
change the core problem of restricting what that program can do.

To give you two examples of what I know needs securing - and this is 
largely irrelevant of how the custom shell/binary/whatever is executed:

- There is a file .ssh/environment that sshd will read from if it 
exists. If the customer was able to somehow write that file to disk, 
they could run any program they wanted (see "LOGIN PROCESS" section of 
sshd man page)

- There are those LD_PRELOAD* environment variables which can be used to 
affect where shared libraries (.so's) are loaded from; which if the user 
figures out how to write a file to disk, could be used to run arbitrary 
code.

These are some of the things I know need to be protected against. I also 
know I am no expert; as a developer I must admit I dont follow security 
mailing lists, so I'm aware that I do not know about the full breadth of 
possible attacks.



So, what I'm looking for ideally is the opportunity to spend some money 
and make this Someone Elses Problem; but as a learning exercise its also 
interesting I think to discuss this class of problem on the list.

Regards
Nathan


More information about the linux mailing list