Re: SSH access restrictions

To: "Rudi Starcevic" <rudi@oasis.net.au>
Cc: debian-isp@lists.debian.org
Subject: Re: SSH access restrictions
From: "I. Forbes" <iforbes@zsd.co.za>
Date: Tue, 21 Oct 2003 15:59:36 +0200
Message-id: <[🔎] 3F9557E8.31031.1499A25@localhost>
In-reply-to: <[🔎] 20031021125813.M46813@oasis.net.au>
References: <[🔎] 3F95235A.17194.7C42EA@localhost>

Hello Rudi 

On 21 Oct 2003 at 22:58, Rudi Starcevic wrote:

> Though I'd post something I found on the net about rbash.
> I haven't tested it yet.
> 
> [quote]
> 
> But it's possible to get out from this chroot.
> 
> woockie_at_twoflower:~$ cd ..
> rbash: cd: restricted
> woockie_at_twoflower:~$ vi foo
> 
> in vi:
> :set shell=/bin/sh
> :shell
> woockie_at_twoflower:~$ cd ..
> woockie_at_twoflower:/home$ 
> 
> [end quote]
 
> It's disappointing if it's that easy.
> Still if they do get out and misbehave you could catch them 
> with monitoring.

Our rbash shells don't have access to vi ... or much else! Their path 
is set to "/usr/local/lib/rbash-bin/" and that directory has sym-links to 
a few selected binaries.

Still I don't regard the rbash setup as secure.

Regards

Ian
-- 
Ian Forbes ZSD
http://www.zsd.co.za
Office: +27 21 683-1388  Fax: +27 21 674-1106
Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa

Reply to:

Follow-Ups:
- Re: SSH access restrictions
  - From: "Rudi Starcevic" <rudi@oasis.net.au>
- Re: SSH access restrictions
  - From: "Giacomo A. Catenazzi" <cate@pixelized.ch>

References:
- Re: SSH access restrictions
  - From: "I. Forbes" <iforbes@zsd.co.za>
- Re: SSH access restrictions
  - From: "Rudi Starcevic" <rudi@oasis.net.au>

Prev by Date: Re: Moving Sites
Next by Date: Re: SSH access restrictions
Previous by thread: Re: SSH access restrictions
Next by thread: Re: SSH access restrictions
Index(es):
- Date
- Thread