Using UUCP under a BBS system???

Conor P. Cahill cpcahil at virtech.uucp
Sat Feb 24 07:53:23 AEST 1990


In article <1134 at mtxinu.UUCP> frk at mtxinu.UUCP (Frank Korzeniewski) writes:
>Brads idea could be extended just a little bit to overcome your objections.
>Just use bash or ash for which the source is available and put the wrapper
>check on the user id into the shell source code.  Lets see a user get
>around this!!

Fine.  This could be done. However, you will still break any program that
does a popen(). (or calls a library routine that does a popen()).

In addition most system administrators will not
want to rely on anything other than the stock sh or csh for system 
administration work.  If you replaced /bin/sh with bash, you would be
opening lots of doors for lots of problems with the system administration
shell scripts.

If you are going to leave the real shell around somewhere else, then
you have the problem of the user's finding out where it is.


These kind of security problems have lots of quick answers, but with
a little thought a persistant person can get around most of them.  I still
think the "best" answer is to have the restricted persons run in a 
chroot()ed environment because there is no way to get out of there. 
-- 
+-----------------------------------------------------------------------+
| Conor P. Cahill     uunet!virtech!cpcahil      	703-430-9247	!
| Virtual Technologies Inc.,    P. O. Box 876,   Sterling, VA 22170     |
+-----------------------------------------------------------------------+



More information about the Comp.unix.i386 mailing list