[BusyBox] Please Review -- Mash Restricted Shell.

vgavini at engmail.uwaterloo.ca
Wed Dec 10 01:53:20 UTC 2003


Hi all! 

Here's an implementation of a restricted shell, in msh. 
It includes the following functionality. 
~ Checks to make sure '..', '~', '/' and the specified $VARS are excluded from
the command typed at the prompt.
~ Checks to make sure '..', '~', '/' are excluded, after evaluation of quotes
and backslash {", ' and \}.  
~ Includes a new command called dostartDaemon that only allows running scripts
from a specific directory (Currently only one parameter can be passed into the
script). 
~ Logs every command into local3.log 

The end-goal is to audit everything and to not let people freely navigate
around the directory tree. 

Please review the attached diffs to see if this "standalone restricted"-msh
shell is clean enough so that a user cannot "escape" out of it. 

Any feedback is much appreciated. Thanks! 

-Vibhu. 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: msh.c.busybox-1.00-pre3.diff
Type: application/octet-stream
Size: 26890 bytes
Desc: not available
Url : http://lists.busybox.net/pipermail/busybox/attachments/20031209/a3ce5cf6/attachment.obj 
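
The two-stage check described in the message (reject '..', '~' and '/' in the word as typed, then again after quotes and backslashes are evaluated) can be sketched as below. This is an added example, not code from the attached diff: `unquote`, `has_forbidden` and `word_allowed` are hypothetical names, the quote handling is a simplification of shell rules, $VARS handling is not covered, and the sample words are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: remove "..." '...' and \x quoting from one word.
 * Simplification: inside double quotes a backslash escapes any character,
 * which only ever makes the later check stricter than a real shell.
 * Returns -1 on an unterminated quote or if out is too small. */
int unquote(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    char q = 0;                          /* active quote char, 0 = none */
    for (; *in; in++) {
        char c = *in;
        if (q == '\'') {                 /* single quotes: all literal */
            if (c == '\'') { q = 0; continue; }
        } else if (c == '\\' && in[1]) {
            c = *++in;                   /* take next char literally */
        } else if (c == '"' || (c == '\'' && !q)) {
            q = (q == c) ? 0 : c;        /* open or close a quote */
            continue;
        }
        if (n + 1 >= outsz) return -1;
        out[n++] = c;
    }
    out[n] = '\0';
    return q ? -1 : 0;
}

/* 1 if the text contains '..', '~' or '/'. */
int has_forbidden(const char *s)
{
    return strstr(s, "..") || strchr(s, '~') || strchr(s, '/');
}

/* 1 if the word passes both checks; fails closed on parse errors. */
int word_allowed(const char *raw)
{
    char buf[256];
    if (has_forbidden(raw)) return 0;                  /* as typed */
    if (unquote(raw, buf, sizeof buf) != 0) return 0;  /* bad quoting */
    return !has_forbidden(buf);                        /* after evaluation */
}

int main(void)
{
    /* constructed sample words */
    const char *w[] = { "status", "../etc", ".\\.", "'.'\".\"", "'abc" };
    for (size_t i = 0; i < sizeof w / sizeof *w; i++)
        printf("%-10s %s\n", w[i], word_allowed(w[i]) ? "allowed" : "refused");
    return 0;
}
```

The third and fourth sample words pass the raw-text check and are refused only by the check on the evaluated form, which is why a filter of this kind has to run after quote removal.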