[clug] Wanted: Developer to securely implement a restricted SSH shell
Nathan O'Sullivan
nathan at mammoth.com.au
Mon Jan 4 16:48:28 MST 2010
>> Well if you are paranoid, you could start off by replacing:
>>
>> #!/bin/bash
>>
>> with
>>
>> #!/bin/rbash
>>
> I think it may be worth going to C/python/perl for this reason, to
> further restrict potential mischief.
And thinking about it more, given that the .ssh/authorized_keys will be
written by our website it probably makes sense if the customer's home
directory is not even writable (by the customer). Doing that should
eliminate a bunch of potential dot-file attacks.
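
Added example, not part of the original post: a Python audit of the layout proposed above, reporting any way the customer could still write to the home directory, `.ssh`, `authorized_keys` or a dot-file. The function names, the `customer1` account and the sample key line are constructed for illustration, and it assumes the files are meant to be owned by an account other than the customer.

```python
import os
import stat
import tempfile

def audit_home(home, customer_uid):
    """Return findings; an empty list means the customer cannot modify
    the home directory, .ssh, authorized_keys, or any dot-file in home."""
    findings = []
    ssh_dir = os.path.join(home, ".ssh")
    paths = [home, ssh_dir, os.path.join(ssh_dir, "authorized_keys")]
    # Also cover every other dot-file sitting directly in the home directory.
    if os.path.isdir(home):
        paths += [os.path.join(home, n) for n in sorted(os.listdir(home))
                  if n.startswith(".") and n != ".ssh"]
    for path in paths:
        try:
            st = os.lstat(path)  # lstat: inspect the link itself, not its target
        except FileNotFoundError:
            findings.append((path, "missing"))
            continue
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink"))
            continue
        if st.st_uid == customer_uid:
            # An owner can always chmod the entry back to writable.
            findings.append((path, "owned by customer"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append((path, "group/world writable"))
    return findings

def build_sample(root):
    """Constructed sample layout: home, .ssh, authorized_keys at 755/755/644."""
    home = os.path.join(root, "customer1")  # hypothetical account name
    ssh_dir = os.path.join(home, ".ssh")
    os.makedirs(ssh_dir)
    keys = os.path.join(ssh_dir, "authorized_keys")
    with open(keys, "w") as fh:
        fh.write("ssh-ed25519 CONSTRUCTED-SAMPLE-KEY customer1\n")
    os.chmod(home, 0o755)
    os.chmod(ssh_dir, 0o755)
    os.chmod(keys, 0o644)
    return home

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        home = build_sample(root)
        # Treat the customer as a uid other than the one running this script.
        print(audit_home(home, customer_uid=os.getuid() + 1))
```
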