Hello Rudi On 21 Oct 2003 at 22:58, Rudi Starcevic wrote:
> Though I'd post something I found on the net about rbash. > I haven't tested it yet. > > [quote] > > But it's possible to get out from this chroot. > > woockie_at_twoflower:~$ cd .. > rbash: cd: restricted > woockie_at_twoflower:~$ vi foo > > in vi: > :set shell=/bin/sh > :shell > woockie_at_twoflower:~$ cd .. > woockie_at_twoflower:/home$ > > [end quote] > It's disappointing if it's that easy. > Still if they do get out and misbehave you could catch them > with monitoring. Our rbash shells don't have access to vi ... or much else! Their path is set to "/usr/local/lib/rbash-bin/" and that directory has sym-links to a few selected binaries. Still I don't regard the rbash setup as secure. Regards Ian -- Ian Forbes ZSD http://www.zsd.co.za Office: +27 21 683-1388 Fax: +27 21 674-1106 Snail Mail: P.O. Box 46827, Glosderry, 7702, South Africa -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
