Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

Re: [comp.unix.shell] Help creating a restricted shell

X-seq: zsh-users 606
From: Zoltan Hidvegi <hzoli@xxxxxxxxxx>
To: mdb@xxxxxxxxxxxx (Mark Borges)
Subject: Re: [comp.unix.shell] Help creating a restricted shell
Date: Wed, 15 Jan 1997 22:11:05 +0100 (MET)
Cc: zsh-users@xxxxxxxxxxxxxxx
In-reply-to: <vkiv4yllu5.fsf@xxxxxxxxxxxx> from Mark Borges at "Jan 15, 97 01:33:54 pm"
Organization: Dept. of Comp. Sci., Eotvos University, Budapest, Hungary
Phone: (36 1)2669833 ext: 2667, home phone: (36 1) 2752368

Zsh-3.1.1 will have restricted mode similar to bash and ksh.  It is already
ready and working, just waiting for the release.  This is controlled via a
new option, RESTRICTED.  This option is set when the command name used to
invoke zsh starts with the letter 'r' but the option can also be set with
setopt.  Once it is set, it cannot be unset.

The restricted option is only switched on after processing startup files.
In restricted mode, the SHELL, PATH, path, MODULE_PATH, module_path,
{E,}{U,G}ID, HISTSIZE, HISTFILE, USERNAME, LD_{,AOUT}{PRELOAD,LIBRARY_PATH}
parameters cannot be changed.  It is not possible to change the current
directory, to execute binaries with absoulte patchname and to use
redirections writing to a file.

The idea is to prohibit executing any binary code directly specified by the
user and to prevent writing to any file.

Zoltan

References:
- [comp.unix.shell] Help creating a restricted shell
  - From: Mark Borges

Messages sorted by: Reverse Date, Date, Thread, Author