On 7/25/05, Jon Drews <[EMAIL PROTECTED]> wrote:
> On 7/25/05, Abel Talaversn Estevez <[EMAIL PROTECTED]> wrote:
> > I need to create a particular but simple shell for a firewall running
> > OpenBSD 3.6. The idea is to create a user whose shell is a very limited one.
> Hi:
> 
>   Operating ksh in restricted mode may fulfill your needs. 

Oops - this is not true. I set up an account with rksh (ksh -r) and it
is possible for the user to still switch shells. For the details on
this see:
Practical Unix & Internet Security, 3rd Edition by Simson Garfinkel,
Gene Spafford, Alan Schwartz. The relevant material is on pages 576 to
578.

Basically the restricted shell can be subverted and they advise using chroot.


-- 
Kind regards,
Jonathan
