[Linux-aus] What's the real story about Shellshock and Bash and vulnerabilities in Linux and OpenSource?
Russell Coker
russell at coker.com.au
Tue Sep 30 11:03:38 EST 2014
On Sun, 28 Sep 2014, James Polley <jamezpolley at gmail.com> wrote:
> > Or just have bash check argv[0] and if its name is "sbash" just disable
> > most such functionality.
>
> I think you mean "rbash"? From "man bash":
>
> RESTRICTED SHELL
> If bash is started with the name rbash, or the -r option is supplied
> at invocation, the shell becomes restricted. A restricted shell is
> used to set up an environment more controlled than the standard
> shell. It behaves identically to bash with the exception that the
> following are disallowed or not performed:

rbash doesn't allow the "cd" command, that makes it useless for almost
everything you usually do with a shell.

I'd like a shell that works for most things you usually do and just disables
the more dangerous options. If bash was run in a way that didn't support any
inheritance of functions (i.e. functions only worked in the shell script that
defined them or from .bashrc etc) then almost no users or scripts would notice
a difference.

Basically I'd like another version named something like sbash to run in a way
that I could make it the default shell for new user accounts and have no-one
complain (i.e. anyone who wants to do something that needs regular bash would
be able to figure out chsh).

--
My Main Blog http://etbe.coker.com.au/
My Documents Blog http://doc.coker.com.au/
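
Added example, not part of the original post and not Russell Coker's code: a small C wrapper that approximates the "no inherited functions" idea by dropping function-shaped environment entries before starting bash. The name sbash is taken from the post; the /bin/bash path and the two export forms checked (the older name=() { form and the later BASH_FUNC_name%%= form) are assumptions about the installed bash.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

extern char **environ;

/* Return 1 if a "NAME=value" entry looks like an exported bash function:
 * the older form  name=() { ...  or the later  BASH_FUNC_name%%=...  form.
 * Ordinary variables whose value happens to start with "() {" are also
 * dropped; that is deliberate, the filter errs on the strict side. */
int is_function_export(const char *entry)
{
    const char *eq = strchr(entry, '=');
    if (eq == NULL)
        return 0;                       /* malformed entry, leave it alone */
    if (strncmp(eq + 1, "() {", 4) == 0)
        return 1;
    return strncmp(entry, "BASH_FUNC_", 10) == 0;
}

/* Compact envp in place, keeping only non-function entries.
 * Returns the number of entries removed. */
size_t scrub_env(char **envp)
{
    size_t kept = 0, dropped = 0;
    for (size_t i = 0; envp[i] != NULL; i++) {
        if (is_function_export(envp[i]))
            dropped++;
        else
            envp[kept++] = envp[i];
    }
    envp[kept] = NULL;
    return dropped;
}

int main(int argc, char **argv)
{
    (void)argc;
    size_t n = scrub_env(environ);      /* execv() below passes environ on */
    if (n > 0)
        fprintf(stderr, "sbash: dropped %zu inherited function(s)\n", n);
    argv[0] = "bash";                   /* assumed path: /bin/bash */
    execv("/bin/bash", argv);
    perror("execv /bin/bash");
    return 127;
}
```

Functions defined in the script itself or in .bashrc still work under this wrapper; only definitions arriving through the environment are dropped.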