[clug] Wanted: Developer to securely implement a restricted SSH shell

Andrew Janke a.janke at gmail.com
Mon Jan 4 16:28:33 MST 2010


> If you look at my custom shell
> http://www.mammothmedia.com.au/~nats/restricted-shell-job.txt
> I refuse to run with any command line arguments, so specifying
> command="anything" just causes my shell to exit.
>
> I think I prefer that solution, since it means I can let the user just
> directly edit their authorized_keys file instead of having to parse/build it
> for them.

Well, if you are paranoid, you could start off by replacing:

   #!/bin/bash

with

   #!/bin/rbash

This will then mean that things like this:

   #! /bin/rbash

   echo $SHELL

   SHELL=/bin/tcsh
   echo $SHELL

Will result in:

   harold:~$ ./a.sh
   /bin/bash
   ./a.sh: line 5: SHELL: readonly variable
   /bin/bash

There are lots of other things that rbash does, man tells me this:

       If bash is started with the name rbash, or the -r option is
       supplied at invocation, the shell becomes restricted.  A restricted
       shell is used to set up an environment more controlled than the
       standard shell.  It behaves identically to bash with the exception
       that the following are disallowed or not performed:

       ·      changing directories with cd

       ·      setting or unsetting the values of SHELL, PATH, ENV, or BASH_ENV

       ·      specifying command names containing /

       ·      specifying a file name containing a / as an argument to
              the . builtin command

       ·      specifying a filename containing a slash as an argument
              to the -p option to the hash builtin command

       ·      importing function definitions from the shell
              environment at startup

       ·      parsing the value of SHELLOPTS from the shell
              environment at startup

       ·      redirecting output using the >, >|, <>, >&, &>, and >>
              redirection operators

       ·      using the exec builtin command to replace the shell with
              another command

       ·      adding or deleting builtin commands with the -f and -d
              options to the enable builtin command

       ·      using the enable builtin command to enable disabled shell builtins

       ·      specifying the -p option to the command builtin command

       ·      turning off restricted mode with set +r or set +o restricted.


--
Andrew Janke
(a.janke at gmail.com || http://a.janke.googlepages.com/)
Canberra->Australia    +61 (402) 700 883
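As an added example (not part of the thread), the script below drives `bash -r`, which the man page says is the same as invoking the shell as rbash, through the restrictions listed above and checks that each one is refused; it assumes bash is installed and on PATH. Note that rbash restricts only the shell itself, not the programs it launches, so a deployment still needs PATH pointed at a directory of vetted commands.

```shell
#!/bin/sh
# Added example (not from the original post): probe a restricted bash,
# started as "bash -r" (equivalent to invoking it as rbash), with the
# operations the man page lists as disallowed and confirm that each one
# is refused. Assumes bash is installed and on PATH.

# Run one command line in a restricted bash. Returns 0 when bash refused
# it (its diagnostic names the restriction or the readonly variable),
# 1 when the command ran or failed for some other reason.
rbash_refuses() {
    err=$(bash -r -c "$1" 2>&1 >/dev/null) || true
    case "$err" in
        *restricted*|*"readonly variable"*) return 0 ;;
        *) return 1 ;;
    esac
}

# One probe per restriction from the man page. The last probe checks
# that "set +r" does not lift the restrictions for the commands after it.
PROBES='cd /
PATH=/tmp
SHELL=/bin/sh
/bin/echo hi
echo hi > /dev/null
echo hi >> /dev/null
. /dev/null
hash -p /bin/echo e
exec true
command -p echo hi
set +r; cd /'

# Report each probe on stderr and print the number that were refused.
count_refused() {
    n=0
    while IFS= read -r probe; do
        if rbash_refuses "$probe"; then
            n=$((n + 1)); echo "refused: $probe" >&2
        else
            echo "ALLOWED: $probe" >&2
        fi
    done <<EOF
$PROBES
EOF
    echo "$n"
}

echo "$(count_refused) of 11 listed restrictions were refused"
```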

