Am So, den 25.07.2004 schrieb Aaron Gaudio um 5:42: > > > I've always been fond of the rbash shell... symbolic link bash to > > > rbash, then set their shell to /bin/rbash.... pretty cool. > > > > What should that be? Restricting morons? > > > > I suggest you do it yourself and then when logged in with such an rbash > > shell you enter "bash" and then rethink the sense of such a shell > > setting ;) > > Fortunately, restricted mode is a little more intelligent than that. It will > not allow you to specify "/" in command names, and PATH is a read-only > variable. So, properly configured, a restricted bash shell can provide a > little more semblance of security thatn you let on, though it surely is not > a panacea. It didn't want to say that an rbash is useless under all circumstances. My intention was just to point out that what Brentley found so "pretty cool" is useless from aspect of security. In this thread the previous discussion was about exactly that and his reply was meant as a simple alternate to a chroot. I felt Brentley's suggestion was worth a critic because it is at best fake security. Alexander -- Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13 Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp Serendipity 15:42:02 up 3 days, 30 users, load average: 0.99, 0.48, 0.36
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
