Security problem: rbash isn't working on initial invocation
I'm using bash on Debian 'testing'. I've created a symlink /bin/rbash
that points to /bin/bash, and prior to upgrading to 3, it worked as
expected. Users could not do "cd .." and other restricted functions as
described in the manpage. I only recently noticed that this is NOT
currently working.
I've created a user with the following in /etc/passwd:
shelluser:x:1007:1007:Shell User,,,:/home/shelluser:/bin/rbash
When this user logs in, they get the bash prompt and all appears normal:
login: shelluser
Password:
Last login: Thu Sep 26 11:19:44 2002 from server.ttlexceeded.com on pts/2
Linux lab 2.4.18-586tsc #1 Sun Apr 14 10:57:57 EST 2002 i586 unknown
unknown GNU/Linux
[shelluser ~]$ echo $SHELL
/bin/rbash
[shelluser ~]$ echo $PATH
/usr/rbin
[shelluser ~]$ ls /usr/rbin
cat getfile intro mv putfile r4 rvim touch
clear help less news r1 r5 shellhelp traceroute
cp hostname ls nmap r2 rjoe shellintro tty
fping info man ping r3 rm talk
[shelluser ~]$ /bin/bash --version
GNU bash, version 2.05b.0(2)-release (i386-pc-linux-gnu)
Copyright (C) 2002 Free Software Foundation, Inc.
[shelluser ~]$ /bin/date
Thu Sep 26 11:22:55 MST 2002
[shelluser ~]$ cd ..
[shelluser /usr/home]$
Notice that although rbash is shown as the current shell, the user can
move up the directory tree. Also, /bin/date (etc.) can be executed with
no problems. Now, what's really maddening, if I call /bin/rbash, it
works properly:rbash-2.05b$
[shelluser ~]$ /bin/rbash
[shelluser ~]$ cd ..
rbash: cd: restricted
[shelluser ~]$ /bin/date
rbash: /bin/date: restricted: cannot specify `/' in command names
So it appears that it's only the initial (login) invocation that's
broken. Needless to say, this is a concern. I do not recall making any
signficant changes to the user environment in recent months other than
shell prompt and the like. To eliminate any concerns, I removed
/etc/bash* and /etc/profile as well as ~/.bash* and ~/profile, but no
change in results:
lab login: shelluser
Password:
Last login: Thu Sep 26 11:20:14 2002 from server.ttlexceeded.com on pts/2
Linux lab 2.4.18-586tsc #1 Sun Apr 14 10:57:57 EST 2002 i586 unknown
unknown GNU/Linux
-rbash-2.05b$ cd ..
-rbash-2.05b$ pwd
/usr/home
-rbash-2.05b$ cd
-rbash-2.05b$ /bin/date
Thu Sep 26 11:26:44 MST 2002
-rbash-2.05b$ cd ..
-rbash-2.05b$ /bin/rbash
rbash-2.05b$ pwd
/usr/home
rbash-2.05b$ /bin/date
rbash: /bin/date: restricted: cannot specify `/' in command names
rbash-2.05b$ cd ..
rbash: cd: restricted
I've searched the list archives for recent rbash references and am
finding none, nor did I find anything in recent security announcements.
Can anyone shed some light on this for me?
Thanks,
- Bob
Reply to: