Restricted shell

The restricted shell is a Unix shell that restricts some of the capabilities available to an interactive user session, or to a shell script, running within it. It is intended to provide an additional layer of security, but is insufficient to allow execution of entirely untrusted software. A restricted mode operation is found in the original Bourne shell[1] and its later counterpart bash,[2] and in the Korn shell.[3] In some cases a restricted shell is used in conjunction with a chroot jail, in a further attempt to limit access to the system as a whole.

Invocation

The restricted mode of the Bourne shell sh, and its POSIX workalikes, is used when the interpreter is invoked in one of the following ways:

The restricted mode of bash is used when bash is invoked in one of the following ways:

Similarly the Korn shell's restricted mode is produced by invoking it thus:

Setting Up rbash

For some systems (e.g., CentOS), the invocation through rbash is not enabled by default, and the user obtains a command not found error if invoked directly, or a login failure if the /etc/passwd file indicates /bin/rbash as the user's shell.

It suffices to create a link named rbash pointing directly to bash. Though this invokes bash directly, without the -r or --restricted options, bash does recognize that it was invoked through rbash and it does come up as a restricted shell.

This can be accomplished with the following simple commands (executed as root, either logged in as user root, or using sudo):

root@host:~# cd /bin
root@host:/bin# ln bash rbash

Limited operations

The following operations are not permitted in a restricted shell:

bash adds further restrictions, including:[2]

Restrictions in the restricted Korn shell are much the same as those in the restricted Bourne shell.[4]

Weaknesses of a restricted shell

The restricted shell is not secure. A user can break out of the restricted environment by running a program that features a shell function. The following is an example of the shell function in vi being used to escape from the restricted shell:

user@host:~$ vi
:set shell=/bin/sh
:shell

Or by simply starting a new unrestricted shell, if it is in the PATH, as demonstrated here:

user@host:~$ rbash
user@host:~$ cd /
rbash: cd: restricted
user@host:~$ bash
user@host:~$ cd /
user@host:/$

List of programs

Beyond the restricted modes of usual shells, specialized restricted shell programs include:

See also

References

  1. POSIX sh specification
  2. 1 2 GNU Bash manual
  3. ksh manual, Solaris (SunOS 5.10) manual page, Oracle Inc.
  4. ksh(1) manual page, IBM AIX documentation set
  5. Costales, Bryan; Assmann, Claus; Jansen, George; Shapiro, Gregory Neil (2007). Sendmail. Oreilly Series (4 ed.). O'Reilly Media, Inc. p. 379. ISBN 9780596510299. Retrieved 2012-08-02. As an aid in preventing [...] attacks, V8.1 sendmail first offered the smrsh (sendmail restricted shell) program.
This article is issued from Wikipedia - version of the 12/1/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.