The restricted shell can be easily circumvented.
Bash Bug Report Configuration Information [Automatically generated, do not change]:Machine: x86_64OS: linux-gnuCompiler: gccCompilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu' -DCONF_VENDOR='p$uname output: Linux LFS-BUILD 3.16.0-23-generic #31-Ubuntu SMP Tue Oct 21 17:56:17 UTC 2014 x86_64 x86_64 x86_64 GNU/LinuxMachine Type: x86_64-pc-linux-gnu Bash Version: 4.3Patch Level: 30Release Status: release Description:The restricted shell opened by calling rbash or bash with the -r or --restricted option can be easily circumvented with the command 'chroot / bash' making the restricted shell useless because anyone can get out of it with this command. Repeat-By:1:Open a restricted shell2:Test with 'cd ..' 3:Use 'chroot / bash'4:Test that you are no longer restricted with 'chroot / bash'
Re: The restricted shell can be easily circumvented.
Not a bug. This is a well known issue with restricted mode. You as a sysadmin must provide a very restricted PATH that contains only secure programs. For example, you have to avoid: GNU sed, nvi, vim, ed, emacs, ... Perhaps this *should* be documented under RESTRICTED SHELL in the bash manual. -- Eduardo Bustamante https://dualbus.me/
Re: The restricted shell can be easily circumvented.
On Sat, Apr 4, 2015 at 8:22 AM, David Bonner wrote: > Bash Bug Report > > Configuration Information [Automatically generated, do not change]: > Machine: x86_64 > OS: linux-gnu > Compiler: gcc > Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='x86_64' > -DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='x86_64-pc-linux-gnu' > -DCONF_VENDOR='p$ > uname output: Linux LFS-BUILD 3.16.0-23-generic #31-Ubuntu SMP Tue Oct 21 > 17:56:17 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux > Machine Type: x86_64-pc-linux-gnu > > Bash Version: 4.3 > Patch Level: 30 > Release Status: release > > Description: > The restricted shell opened by calling rbash or bash with the -r > or --restricted option can be easily circumvented with the > command 'chroot / bash' making the restricted shell useless > because anyone can get out of it with this command. > > Repeat-By: > 1:Open a restricted shell > 2:Test with 'cd ..' > 3:Use 'chroot / bash' > 4:Test that you are no longer restricted with 'chroot / bash' > > This has already been discussed in the mailing list, you should be able to find previous discussions about this and the fact that bash -r is not an all inclusive solution (eg https://lists.gnu.org/archive/html/bug-bash/2012-01/msg00048.html ) . However your example is not a very convincing one, you cannot use "cd" with a restricted shell, so it's not clear what you are really using and it is obvious that many commands will allow to not be restricted if they are made available.
Re: The restricted shell can be easily circumvented.
David Bonner writes: > Repeat-By:1:Open a restricted shell2:Test with 'cd ..' > 3:Use 'chroot / bash'4:Test that you are no longer restricted with > 'chroot / bash' You can even call bash directly. Go figure! Andreas. -- Andreas Schwab, sch...@linux-m68k.org GPG Key fingerprint = 58CA 54C7 6D53 942B 1756 01D3 44D5 214B 8276 4ED5 "And now for something completely different."
