Re: SSH access restrictions
Hello Rudi
On 21 Oct 2003 at 22:58, Rudi Starcevic wrote:
> Though I'd post something I found on the net about rbash.
> I haven't tested it yet.
>
> [quote]
>
> But it's possible to get out from this chroot.
>
> woockie_at_twoflower:~$ cd ..
> rbash: cd: restricted
> woockie_at_twoflower:~$ vi foo
>
> in vi:
> :set shell=/bin/sh
> :shell
> woockie_at_twoflower:~$ cd ..
> woockie_at_twoflower:/home$
>
> [end quote]
> It's disappointing if it's that easy.
> Still if they do get out and misbehave you could catch them
> with monitoring.
Our rbash shells don't have access to vi ... or much else! Their path
is set to "/usr/local/lib/rbash-bin/" and that directory has sym-links to
a few selected binaries.
Still I don't regard the rbash setup as secure.
Regards
Ian
--
Ian Forbes ZSD
http://www.zsd.co.za
Office: +27 21 683-1388 Fax: +27 21 674-1106
Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa
Reply to: