[clug] Wanted: Developer to securely implement a restricted SSH shell
Nathan O'Sullivan
nathan at mammoth.com.au
Mon Jan 4 15:19:15 MST 2010
> Do Linux'es allow 'setuid/gid' on shell scripts?
> I thought I read somewhere they don't... (in the context of creating
> 'non-portable' scripts)
>
No, they don't - the setuid bit is ignored on scripts.

> I can't see a way around using 'sudo' or similar on Dom0.
>
I don't have to use sudo, but I have no problem with using it either. If
anything, I'd lean towards using it rather than elevating the
permissions of my custom shell/binary.

> Perhaps your request is not so much you want an SSH client (Andrew
> Janke's post covers containing ssh-keys), but a way to (securely)
> convert simple shell scripts into binaries...
>
A number of people have suggested utilising the authorized_keys command
value and/or compiling a binary, but to my mind this doesn't actually
change the core problem of restricting what that program can do.

To give you two examples of what I know needs securing - and this is
largely irrespective of how the custom shell/binary/whatever is executed:

- There is a file .ssh/environment that sshd will read from if it
exists. If the customer was able to somehow write that file to disk,
they could run any program they wanted (see "LOGIN PROCESS" section of
sshd man page).
- There are those LD_PRELOAD* environment variables which can be used to
affect where shared libraries (.so's) are loaded from; which if the user
figures out how to write a file to disk, could be used to run arbitrary
code.

These are some of the things I know need to be protected against. I also
know I am no expert; as a developer I must admit I don't follow security
mailing lists, so I'm aware that I do not know about the full breadth of
possible attacks.

So, what I'm looking for ideally is the opportunity to spend some money
and make this Someone Else's Problem; but as a learning exercise it's also
interesting I think to discuss this class of problem on the list.

Regards
Nathan
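
An added example, not part of the original post or anyone's production code: a small audit of the two settings that decide whether the environment-based escapes above are reachable. sshd reads ~/.ssh/environment and authorized_keys environment= options only when PermitUserEnvironment is enabled, and AcceptEnv controls which variables the client may send. The function names, the check ids, the loader-variable shortlist, the /usr/local/bin/rshell path and the sample input are all assumptions made for illustration.

```python
import fnmatch
import re

# Dynamic-loader variables to keep out of the session (shortlist picked for this example).
LOADER_VARS = ("LD_PRELOAD", "LD_LIBRARY_PATH", "LD_AUDIT")
KEY_TYPE = re.compile(r"(ssh-|ecdsa-|sk-)")
# One authorized_keys option: a name, optionally ="value" with backslash escapes.
OPTION = re.compile(r'([A-Za-z-]+)(?:="((?:[^"\\]|\\.)*)")?(?:,|\s+|$)')
# Constructed sample input: a weak sshd_config and two authorized_keys lines.
SAMPLE_SSHD = "PermitUserEnvironment yes\nAcceptEnv LANG LC_* LD_*\n"
SAMPLE_KEYS = (
    'command="/usr/local/bin/rshell",no-pty ssh-rsa AAAAB3constructed customer1\n'
    'environment="LD_PRELOAD=/home/customer/x.so" ssh-rsa AAAAB3constructed customer2\n')

def sshd_settings(text):
    """Yield (keyword, args) per sshd_config line; Match blocks are not special-cased."""
    for raw in text.splitlines():
        tokens = raw.split("#", 1)[0].replace("=", " ", 1).split()
        if tokens:
            yield tokens[0].lower(), tokens[1:]

def key_options(line):
    """Return the leading options of one authorized_keys line as (name, value) pairs."""
    opts, pos = [], 0
    while not KEY_TYPE.match(line, pos) and (m := OPTION.match(line, pos)):
        opts.append((m.group(1).lower(), m.group(2)))
        pos = m.end()
    return opts

def audit(sshd_config, authorized_keys):
    """Return (check, detail) findings; any non-"no" setting is flagged, wherever it sits."""
    findings = []
    for keyword, args in sshd_settings(sshd_config):
        if keyword == "permituserenvironment" and [a.lower() for a in args] != ["no"]:
            findings.append(("user-env", "~/.ssh/environment and environment= are honoured"))
        if keyword == "acceptenv":
            findings += [("accept-env", p) for p in args
                         if any(fnmatch.fnmatchcase(v, p) for v in LOADER_VARS)]
    for num, line in enumerate(authorized_keys.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        opts = key_options(line)
        if not any(name == "command" for name, _ in opts):
            findings.append(("no-forced-command", f"line {num}"))
        for name, value in opts:
            if name == "environment" and (value or "").split("=", 1)[0] in LOADER_VARS:
                findings.append(("key-sets-loader-var", f"line {num}"))
    return findings
```

On a live host, feeding it the output of `sshd -T` instead of the raw file gives the effective settings, defaults included.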