[BusyBox] Please Review -- Mash Restricted Shell.
vgavini at engmail.uwaterloo.ca
Wed Dec 10 01:53:20 UTC 2003
Hi all!
Here's an implementation of a restricted shell, in msh.
It includes the following functionality.
~ Checks to make sure '..', '~', '/' and the specified $VARS are excluded from
the command typed at the prompt.
~ Checks to make sure '..', '~', '/' are excluded, after evaluation of quotes
and backslash {", ' and \}.
~ Includes a new command called dostartDaemon that only allows running scripts
from a specific directory (Currently only one parameter can be passed into the
script).
~ Logs every command into local3.log
The end-goal is to audit everything and to not let people freely navigate
around the directory tree.
Please review the attached diffs to see if this "standalone restricted"-msh
shell is clean enough so that a user cannot "escape" out of it.
Any feedback is much appreciated. Thanks!
-Vibhu.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: msh.c.busybox-1.00-pre3.diff
Type: application/octet-stream
Size: 26890 bytes
Desc: not available
Url : http://lists.busybox.net/pipermail/busybox/attachments/20031209/a3ce5cf6/attachment.obj
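
The two-pass check the message describes, as an added C example (not code from the post or the attached patch): a command line is rejected if '..', '~' or '/' appears as typed or after quote and backslash removal. The function names are hypothetical, the unquoting is a simplified model rather than msh's own evaluator, and the $VARS check and logging are left out.

```c
#include <stdio.h>
#include <string.h>

/* Remove sh-style quoting from in, writing the bare text to out.
 * Returns -1 on unterminated quote, dangling backslash or overflow. */
static int unquote(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    char q = 0;                              /* open quote char, 0 if none */

    for (; *in; in++) {
        char c = *in;
        if (q == '\'') {                     /* '...' : everything literal */
            if (c == '\'') { q = 0; continue; }
        } else if (c == '\\') {              /* stricter than POSIX: also  */
            if (!in[1]) return -1;           /* unescapes inside "..."     */
            c = *++in;
        } else if (c == q) {                 /* closing double quote */
            q = 0; continue;
        } else if (!q && (c == '"' || c == '\'')) {
            q = c; continue;
        }
        if (n + 1 >= outsz) return -1;
        out[n++] = c;
    }
    out[n] = '\0';
    return q ? -1 : 0;
}

static int has_forbidden(const char *s)
{
    return strstr(s, "..") != NULL || strpbrk(s, "~/") != NULL;
}

/* 1 = allowed, 0 = denied. Fails closed when the line cannot be unquoted. */
int command_allowed(const char *cmd)
{
    char bare[256];
    if (has_forbidden(cmd)) return 0;                    /* check as typed     */
    if (unquote(cmd, bare, sizeof bare) != 0) return 0;
    return !has_forbidden(bare);                         /* check after quotes */
}

int main(void)
{
    /* Constructed sample lines. */
    const char *t[] = { "ls -l notes.txt", "cd ..", "ls .\\.", "ls \".\"\".\"" };
    for (size_t i = 0; i < sizeof t / sizeof *t; i++)
        printf("%-20s %s\n", t[i], command_allowed(t[i]) ? "allow" : "deny");
    return 0;
}
```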