This shows you the differences between two versions of the page.
wiki:security:rbash [2014/11/01 09:23] woglinde |
wiki:security:rbash [2014/11/01 10:00] woglinde [Security concerns] |
||
---|---|---|---|
Line 17: | Line 17: | ||
* no redirections via > and >> are allowed | * no redirections via > and >> are allowed | ||
* no calls of binaries via complete path | * no calls of binaries via complete path | ||
- | * no changes | + | * no changes |
But be aware, if rbash detects that a executebale is a shell-script it will be run with full bash. | But be aware, if rbash detects that a executebale is a shell-script it will be run with full bash. | ||
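Review bot: the caveat line directly after the edited "no changes" bullet still reads "a executebale"; since this revision touches the list, correct it to "an executable" in the same edit. That sentence qualifies every restriction listed above it (a shell script is run with full bash), so it would also be worth setting it apart from the bullets, for example as its own short paragraph introduced with "Note:", rather than leaving it as a trailing line.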
Line 93: | Line 93: | ||
</ | </ | ||
+ | ===== Security concerns ===== | ||
+ | There could be still problems to brake out of rbash, no one yet made a security audit of the linked x2go scripts, if they allow the execution of a real shell | ||
+ | via options. | ||
====== rbash as default shell (optional)====== | ====== rbash as default shell (optional)====== | ||
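Review bot: the new "Security concerns" paragraph has a spelling error ("brake out" should be "break out") and packs three separate statements into one comma-joined sentence, which makes the actual warning hard to pick out. Suggest splitting it: first that breaking out of rbash may still be possible, then that nobody has audited the linked x2go scripts, then the specific worry that their options might allow starting a real shell. It would also help to refer back to the caveat near line 17 that shell scripts are run with full bash, since that is why unaudited scripts matter here, and to say which scripts "the linked x2go scripts" are so that someone willing to audit them knows the scope.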
Line 98: | Line 101: | ||
to be fixed too. | to be fixed too. | ||
+ | In | ||
+ | <code bash> | ||
+ | / | ||
+ | </ | ||
+ | the lines with | ||
+ | |||
+ | <code bash> | ||
+ | system(" | ||
+ | </ | ||
+ | |||
+ | needs to be changed to | ||
+ | |||
+ | <code bash> | ||
+ | system(" | ||
+ | </ |
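Review bot: in the added instructions, "the lines with ... needs to be changed to" should read "need to be changed to", and all three blocks are tagged "code bash" although the first holds a file path and the other two a system(" call, which is not shell syntax; tag them with the language of the file being edited or use a plain code block. The text also does not say how many lines are affected or why the call has to change under rbash; one sentence giving the reason would let readers check the result themselves and recognise the same pattern in the other scripts that the preceding line says are "to be fixed too".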