Menus for non-Linux users
Jerry Feldman
gaf at blu.org
Mon Sep 9 13:06:48 EDT 2002
I'm not looking to restrict him from commands, just to save him from
learning Linux.
Actually, he was supposed to be setting up a Linux server for hosting the
web pages and the mailing list, but he never got around to it.
On 9 Sep 2002 at 12:54, Derek D. Martin wrote:
> I don't know of any such thing, but I do want to issue a word of
> caution:
>
> Be aware that if your user is clueful, it's virtually impossible to
> write a restricted shell that actually restricts the user to only
> those commands. (I suspect that the reason you want such a thing is
> because your user is NOT clueful, but I'll continue my thoughts under
> the assumption that I'm wrong.)
>
> For a restricted shell to be successful, you must not allow the user
> access to any commands that can be used to get a shell. So for
> example, most editors are out. You must also not allow the user to be
> able to modify their environment, so now the rest of your editors are
> out, and you also need to make their home directory read-only. A
> partial discussion as to why this is the case is here:
>
> http://www.pizzashack.org/rssh/security.html
>
> The attack that I describe here is far from the only one. A user
> might also be able to modify their environment by changing the PATH
> variable, potentially causing an arbitrary program to be run, in the
> event that some program they can run is not specified by full path, or
> is a script which contains commands that are not fully specified. Etc.
>
> --
> Derek Martin ddm at pizzashack.org
> ---------------------------------------------
> I prefer mail encrypted with PGP/GPG!
> GnuPG Key ID: 0x81CFE75D
> Retrieve my public key at http://pgp.mit.edu
> Learn more about it at http://www.gnupg.org
--
Jerry Feldman <gaf at blu.org>
Associate Director
Boston Linux and Unix user group
http://www.blu.org PGP key id:C5061EA9
PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9
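
The conditions listed in the quoted message (no editors on offer, a read-only home directory, no reliance on an inherited PATH) can be checked mechanically. The script below is an added example, not part of either post; the directory layout, the editor list and the function names are assumptions, and the sample tree is constructed.

```shell
#!/bin/sh
# Added example; the directory layout and the editor list are assumptions.
EDITORS="vi vim view ed ex emacs nano pico joe"   # constructed sample list

# True when the ls mode string shows a write bit for owner, group or other.
# Mode bits only: ownership and ACLs are not examined.
has_write_bit() {
    mode=$(ls -ld "$1" | cut -c1-10)
    case "$mode" in
        ??w*|?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# $1 = restricted user's home, $2 = the one directory of permitted commands.
audit_restricted_env() {
    home=$1; bindir=$2
    # 1. A writable home lets the user replace dotfiles and so the environment.
    if has_write_bit "$home"; then echo "WRITABLE_HOME $home"; fi
    for f in "$bindir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        # 2. No editor may be on offer.
        for e in $EDITORS; do
            if [ "$name" = "$e" ]; then echo "EDITOR $name"; fi
        done
        # 3. Heuristic: a script with no PATH= line resolves bare command
        #    names through whatever PATH it inherits.
        if head -n 1 "$f" | grep -q '^#!' && ! grep -q '^PATH=' "$f"; then
            echo "UNPINNED_PATH $name"
        fi
    done
    return 0
}

# Constructed sample tree under a temp directory; prints its path.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/home" "$d/bin"
    chmod 755 "$d/home"
    printf '#!/bin/sh\nls\n' > "$d/bin/listfiles"
    printf '#!/bin/sh\nPATH=/bin:/usr/bin\n/bin/ls\n' > "$d/bin/safe-list"
    printf '#!/bin/sh\nPATH=/bin\n/bin/true\n' > "$d/bin/vi"
    echo "$d"
}

sample=$(make_sample)
audit_restricted_env "$sample/home" "$sample/bin"
rm -rf "$sample"
```

A clean run prints nothing; each finding line names the condition that failed and the path or command involved.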