Oops.. It actually works! That's a great catch! I thought "redirection" is not supported in restricted mode though..! I just checked... It is mostly related to "output" re-direction.
Hmm......I think I am going to tinker "bash" source code to disable the "echo" builtin. :-) Any ideas?

-----Original Message-----
From: Pierre Gaston [mailto:pierre.gas...@gmail.com]
Sent: Thursday, January 12, 2012 4:05 PM
To: Sarnath K - ERS, HCLTech
Cc: bug-bash@gnu.org; b...@packages.debian.org
Subject: Re: Restricted Bash - Not so restrictive (in 4.2 as well)

On Thu, Jan 12, 2012 at 12:26 PM, Sarnath K - ERS, HCLTech <k_sarn...@hcl.com> wrote:
> Hello Jonathan,
>
> Thanks for your inputs. I was able to create a super-restricted login.
> Here are a few things that I learnt during this process:
>
> 1. "vim" has a restricted mode called "rvim (or) vim -Z". This way, I can
>    restrict the user from running shell commands from vim and peep into the
>    Filesystem
>    a) CAVEAT: "vim" allows the user to "read" and "write" files in the
>       file-system provided the user _knows_ the path (or guesses some file path)
>    b) So, to make it foolproof, I had to go with "nano" editor
>       - which supports a restricted mode that does not allow the user to
>         edit any other file than the one specified in the command line

Can't you read a file with: echo "$(< pathtofile)"?

I never really tried, but I'd probably look into things like chroot (or even a vm) to provide something really restricted.
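
An added example, not part of the original thread: a small audit script that probes which operations `bash -r` refuses and checks whether the `echo "$(< pathtofile)"` read discussed above succeeds. It assumes a `bash` binary on PATH; the function names, the `rbash-probe` label and the marker file are constructed for this illustration.

```shell
#!/bin/sh
# Added example: audit what bash's restricted mode (bash -r) blocks.
# Assumes `bash` is on PATH. All file names and contents are constructed.

# probe CMD [NAME ARGS...]: run CMD inside a restricted bash and
# print "blocked" if it fails, "allowed" if it succeeds.
probe() {
    if bash -r -c "$@" >/dev/null 2>&1; then
        echo allowed
    else
        echo blocked
    fi
}

# read_via_rbash FILE: attempt the read from the thread,
# echo "$(< FILE)", inside a restricted bash and print the result.
read_via_rbash() {
    bash -r -c 'echo "$(< "$1")"' rbash-probe "$1" 2>/dev/null
}

audit_rbash() {
    tmpdir=$(mktemp -d) || return 1
    secret="$tmpdir/secret.txt"
    printf 'constructed-marker-1234\n' > "$secret"

    # Operations the restricted mode is documented to refuse.
    echo "cd:               $(probe 'cd /')"
    echo "output redirect:  $(probe 'echo x > "$1"' rbash-probe "$tmpdir/out")"
    echo "slash in command: $(probe '/bin/true')"
    echo "set PATH:         $(probe 'PATH=/tmp')"

    # Input redirection is not on that list.
    echo "input redirect:   $(probe ': < "$1"' rbash-probe "$secret")"
    if [ "$(read_via_rbash "$secret")" = "constructed-marker-1234" ]; then
        echo 'echo "$(< file)": file contents disclosed'
    else
        echo 'echo "$(< file)": read refused'
    fi

    rm -rf "$tmpdir"
}

audit_rbash
```

A "disclosed" result means file confidentiality for that account rests on filesystem permissions or on a chroot or VM boundary, as suggested in the reply, not on the restricted shell.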