stsh is the systrace shell, useful in enforcing systrace usage on a system.
it is used to replace the normal user's login shell and spawn a correctly
systraced shell for their use. this therefore requires a comprehensive
systrace policy to be created.
stsh is available under a BSD license.
- OpenBSD (tested on 3.4-release, 3.5-release, and current)
1. build and install stsh as /bin/stsh
2. for every user you want to have under stsh (a systraced env), make
sure they are in the systrace class. man passwd(5) for how
to add them to this class. the class should look like this
3. test ... make sure you have a lot of systrace policies ready to go.
i created a test user, "stsh", for this purpose and logged in
as them a few times. tail -f /var/log/messages and you'll see
stuff like this:
Sep 23 22:45:57 gibbs systrace: deny user: stsh, prog: /bin/df, pid: 2318(2), policy: /bin/df, filters: 0, syscall: native-sigaction(46), args: 12
if you see that, fix up your policies. some base policies are
things you shouldn't do with stsh
you should NOT make a user's shell in /etc/passwd stsh. that
will just not work.
you should NOT attempt to use this without systrace policies. you won't
be able to log in.
don't use this software without being prepared to do a lot of work on your
end debugging your environment.
- stsh-0.3.1 -- current version
NOTE: NO FUNCTIONAL CHANGES SINCE 0.3! just some code cleanups to
get rid of lint warnings, and i added a manpage.
niels provos, dug song, eric jackson for ideas, systrace support, and patches.
gustavo's help with the login.conf(5) installation method.
can acar and justin heesemann for bugreports and testing.
jeff nathan for some help in getting 0.3 out the door.