
Security problem: rbash isn't working on initial invocation



I'm using bash on Debian 'testing'. I've created a symlink /bin/rbash that points to /bin/bash, and prior to upgrading to 3, it worked as expected. Users could not do "cd .." and other restricted functions as described in the manpage. I only recently noticed that this is NOT currently working.

I've created a user with the following in /etc/passwd:

shelluser:x:1007:1007:Shell User,,,:/home/shelluser:/bin/rbash

When this user logs in, they get the bash prompt and all appears normal:

login: shelluser
Password:
Last login: Thu Sep 26 11:19:44 2002 from server.ttlexceeded.com on pts/2
Linux lab 2.4.18-586tsc #1 Sun Apr 14 10:57:57 EST 2002 i586 unknown unknown GNU/Linux
[shelluser ~]$ echo $SHELL
/bin/rbash
[shelluser ~]$ echo $PATH
/usr/rbin
[shelluser ~]$ ls /usr/rbin
cat    getfile     intro    mv    putfile  r4    rvim     touch
clear  help     less    news  r1       r5    shellhelp     traceroute
cp     hostname  ls    nmap  r2       rjoe  shellintro  tty
fping  info     man    ping  r3       rm    talk
[shelluser ~]$ /bin/bash --version
GNU bash, version 2.05b.0(2)-release (i386-pc-linux-gnu)
Copyright (C) 2002 Free Software Foundation, Inc.
[shelluser ~]$ /bin/date
Thu Sep 26 11:22:55 MST 2002
[shelluser ~]$ cd ..
[shelluser /usr/home]$

Notice that although rbash is shown as the current shell, the user can move up the directory tree. Also, /bin/date (etc.) can be executed with no problems. Now, what's really maddening, if I call /bin/rbash, it works properly:

[shelluser ~]$ /bin/rbash
[shelluser ~]$ cd ..
rbash: cd: restricted
[shelluser ~]$ /bin/date
rbash: /bin/date: restricted: cannot specify `/' in command names

So it appears that it's only the initial (login) invocation that's broken. Needless to say, this is a concern. I do not recall making any significant changes to the user environment in recent months other than shell prompt and the like. To eliminate any concerns, I removed /etc/bash* and /etc/profile as well as ~/.bash* and ~/profile, but no change in results:

lab login: shelluser
Password:
Last login: Thu Sep 26 11:20:14 2002 from server.ttlexceeded.com on pts/2
Linux lab 2.4.18-586tsc #1 Sun Apr 14 10:57:57 EST 2002 i586 unknown unknown GNU/Linux
-rbash-2.05b$ cd ..
-rbash-2.05b$ pwd
/usr/home
-rbash-2.05b$ cd
-rbash-2.05b$ /bin/date
Thu Sep 26 11:26:44 MST 2002
-rbash-2.05b$ cd ..
-rbash-2.05b$ /bin/rbash
rbash-2.05b$ pwd
/usr/home
rbash-2.05b$ /bin/date
rbash: /bin/date: restricted: cannot specify `/' in command names
rbash-2.05b$ cd ..
rbash: cd: restricted

I've searched the list archives for recent rbash references and am finding none, nor did I find anything in recent security announcements. Can anyone shed some light on this for me?

Thanks,

- Bob
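
An added example, not part of the original post: a check an administrator can run after a bash upgrade to confirm that the shell still enters restricted mode under the login-style name "-rbash" (the leading dash visible in the "-rbash-2.05b$" prompt above) as well as under plain "rbash". The function names, the probe string and the use of a temporary symlink to set argv[0] are choices made for this example; startup files are skipped with --noprofile and --norc so that only the name-based behaviour is tested.

```shell
#!/bin/sh
# Added example (not from the original post). Checks whether a shell binary
# enters restricted mode when started under a given argv[0], e.g. "-rbash",
# the name a login shell gets when the passwd entry is /bin/rbash.

# Probe run inside the shell under test. It repeats the two operations from
# the post (cd .. and a command name containing '/'). No redirections are
# used here: a restricted shell refuses output redirection as well.
PROBE='echo probe_ran; cd .. && echo cd_allowed; /bin/sh -c : && echo slash_allowed; :'

# run_probe SHELL_PATH ARGV0: print what the probe reported.
run_probe() {
    tmp=$(mktemp -d) || return 2
    # A symlink named ARGV0, looked up through PATH, is executed with
    # argv[0] set to exactly ARGV0 (no directory prefix).
    ln -s "$1" "$tmp/$2"
    out=$(PATH="$tmp:$PATH"; export PATH; unset BASH_ENV ENV
          cd "$tmp" && "$2" --noprofile --norc -c "$PROBE" 2>/dev/null) || true
    rm -rf "$tmp"
    printf '%s\n' "$out"
}

# is_restricted SHELL_PATH ARGV0: succeed only if the probe actually ran and
# neither restricted operation was permitted.
is_restricted() {
    [ "$(run_probe "$1" "$2")" = "probe_ran" ]
}

# Report for the shell given as $1 (default: the bash found on PATH).
shell_bin=${1:-$(command -v bash)}
for name in rbash -rbash; do
    if is_restricted "$shell_bin" "$name"; then
        verdict="restricted"
    else
        verdict="NOT restricted"
    fi
    printf 'argv[0]=%s: %s\n' "$name" "$verdict"
done
```

A "NOT restricted" line for "-rbash" alongside "restricted" for "rbash" corresponds to the behaviour reported in the post.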




