restricted shell [was: Firewall in an internet-caffe]

["Arne P. Boettger" <apb@wohnheim.fh-wedel.de>]

Hello!

> There used to be a System V shell called rsh, for restricted shell, with
> that you were in a very limited environment, and could only run a subset of
> commands.
> There must be something out there already which does this.
Yes, you're right. You can run bash as restricted shell when you
call it as rbash instead of bash.
See man bash for more information.

> The chown is a good idea, but if you do that make sure there's no C
> compiler.  You could also set the inode of .. to itself in /fake's
> directory, to avoid break outs.
You can also chroot the shell so it doesn't even know of the real
root directory.

-- 
Ciao, Arne.
                                                                  -o)
GPG 1024D/913C2F81 2000-10-11 Arne P. Boettger <apb@createx.de>   /\\
Fingerprint = 6ED9 9A64 CD8A EB6F D841  0391 2F08 8F86 913C 2F81 _\_V