On 4/4/15 1:22 AM, David Bonner wrote:
> Bash Version: 4.3
> Patch Level: 30
> Release Status: release
>
> Description:
> The restricted shell opened by calling rbash or bash with the -r or
> --restricted option can be easily circumvented with the
> command 'chroot / bash' making the restricted shell useless because
> anyone can get out of it with this command.
If the administrator, or whomever sets up the restricted environment,
doesn't set PATH to something that contains only trusted commands and
doesn't have a `cd' that puts the user somewhere other than his home
directory in a startup file that the restricted shell reads,
restricted shell mode is essentially useless.
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU c...@case.edu http://cnswww.cns.cwru.edu/~chet/
