[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OT?: Turning a 486 into a OpenBSD dumb terminal (howto req)

At 10:55 AM 8/31/2001 -0400, you wrote:
>On Fri, Aug 31, 2001 at 09:04:14AM -0400, Joseph C. Bender wrote:
>> 	I'd forget having them logging in with any kind of shell prompt.  I've set
>> something similar up in the past using a script that was their default
>> shell, with the "#!" statement being "#! /bin/rksh" and then just launching
>> the telnet app to the catalog.  IF the user logs out, it returns to a
>> login, not a shell.  Log back in as guest/catalog/whatever and it telnets
>> back to the catalog box.
>Did you ever had any problem with user doing "! /bin/ksh" command
>at the telnet prompt (ctrl-])?
>It isn't enought to just use rksh. All the allowed to run programs
>must not contains escape to /bin/sh or run any command abilities.
>I is probably safer to build chroot environment instead with the
>needed command and its support library and devices.
	<stops, thinks about it...> Holy crap.

Yeah, you're right.  But most of my users wouldn't have thought of that,
which is beside the point.  I'd concur that chroot would be better.
Signing off, 

Joseph Bender
Dude, where's my car?  <http://map.findu.com/n8xre-9>
PGP key at keyserver or <mailto:jcbpgp_(_at_)_mutiny_(_dot_)_net> |  PGP Key ID: 0xB004CCED
My opinions are my own, and not whomever is cutting my paychecks.

"It's overkill of course, but you can never have too much overkill."