Wolfgang S. Rupprecht wrote: > Mikkel <mikkel@xxxxxxxxxxxxxxxx> writes: >> You may also want to consider setting his shell to rbash. See the >> "RESTRICTED SHELL" section of the bash man page. > > Treat rbash as a fun puzzle, not as a security measure. They did block > ">" redirects and ./doit file execution, but that is far from enough. > With a few minutes pondering this solution popped up. > > emacs doit > <insert "bash -i" without the quotes> > . doit > <instant non-restricted shell> > rbash isn't that insecure, it has its own PATH, and I can't imagine putting anything other than the minimum tools needed in it. In the past I have made a /usr/rbin directory and hard linked only the things absolutely needed. It is not an optimal top security solution, but it's not quite as bad as you imply unless it's set up to be. It is quite useful for keeping newbies from hurting themselves. ;-) See other post for related replies. -- Bill Davidsen <davidsen@xxxxxxx> "We have more to fear from the bungling of the incompetent than from the machinations of the wicked." - from Slashdot -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
