[Next] [Previous] [Up] [Top] [Contents]
28.10 Additional Security Features in SunOS 5.X
28.10.1 Restricted Shell
Restricted shells allow you to control the user's environment. The restricted shell, rsh, allows the user to do everything allowed by sh, except:
- change directory
- set the value of $PATH
- specify the path of command names containing /
- redirect output (> and >>)
The restricted shell is /usr/lib/rsh. This should not be confused with the remote shell, which is /usr/bin/rsh.
Don't rely too heavily on the restricted shell. It's not that restricted. While you can't specify a command name that begins with "/", you can specify arguments that do. So if cat is in your path you could type:
% cat /etc/passwd
and have a look at the password file. Also, some programs, such as editors and telnet, allow you to escape out to a shell and editors can edit/view any file with read access allowed on the system.
Unix System Administration - 8 AUG 1996
[Next] [Previous] [Up] [Top] [Contents]