I made this, it might be interesting to anyone looking to implement something like rssh, or to un-retire rssh itself: it allows you to execute a program but trap any calls to libc exec* syscall wrappers that the program might make:
https://github.com/ncleaton/libcallfilt It provides a second line of defense if you've tried to block all of the options that could exec arbitrary things but you may have missed something.
_______________________________________________ rssh-discuss mailing list rssh-discuss@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/rssh-discuss
