Restricting shells...

This is kinda tricky:

Situation:
- A webserver, hosting a page which has CGIs enabled
- Not-too-bright webdesigner putting up scripts that allow "escaping", by
i.e. sending a receipient of someone@somewhere;/bin/bash -i

I want to restrict _interactive_ bash shells (other shells are not a concern
yet). Is there _any_ way to do that, short of wrapping bash into a little
program that checks by whom bash got called and with which parameters?

Thanks
Jens

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: Restricting shells...

have the .bash_profile check to see if the user id is the id running the
cgi,
i.e. nobody or whichever user is running apache,
and then exit.

----- Original Message -----
From: "Jens Knoell"
To: "Linux Admin"
Sent: Tuesday, February 24, 2004 11:42 AM
Subject: Restricting shells...


> This is kinda tricky:
>
> Situation:
> - A webserver, hosting a page which has CGIs enabled
> - Not-too-bright webdesigner putting up scripts that allow "escaping", by
> i.e. sending a receipient of someone@somewhere;/bin/bash -i
>
> I want to restrict _interactive_ bash shells (other shells are not a
concern
> yet). Is there _any_ way to do that, short of wrapping bash into a little
> program that checks by whom bash got called and with which parameters?
>
> Thanks
> Jens
>
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html


-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html