From mboxrd@z Thu Jan  1 00:00:00 1970
From: "Hal Wigoda" <hwigoda@mindspring.com>
Subject: Re: Restricting shells...
Date: Tue, 24 Feb 2004 12:51:26 -0600
Sender: linux-admin-owner@vger.kernel.org
Message-ID: <01a201c3fb07$82b5ef10$616c56d1@DF69MK11>
References: <003701c3fafd$9ff50250$6f00000a@jenswin2k>
Reply-To: "Hal Wigoda" <hwigoda@mindspring.com>
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Return-path: <linux-admin-owner@vger.kernel.org>
List-Id: <linux-admin.vger.kernel.org>
Content-Type: text/plain; charset="us-ascii"
To: Jens Knoell <jens@surefoot.com>
Cc: Linux Admin <linux-admin@vger.kernel.org>

have the .bash_profile check to see if the user id is the id running the
cgi,
i.e. nobody or whichever user is running apache,
and then exit.

----- Original Message ----- 
From: "Jens Knoell" <jens@surefoot.com>
To: "Linux Admin" <linux-admin@vger.kernel.org>
Sent: Tuesday, February 24, 2004 11:42 AM
Subject: Restricting shells...


> This is kinda tricky:
>
> Situation:
> - A webserver, hosting a page which has CGIs enabled
> - Not-too-bright webdesigner putting up scripts that allow "escaping", by
> i.e. sending a receipient of someone@somewhere;/bin/bash -i
>
> I want to restrict _interactive_ bash shells (other shells are not a
concern
> yet). Is there _any_ way to do that, short of wrapping bash into a little
> program that checks by whom bash got called and with which parameters?
>
> Thanks
> Jens
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html