Script as login shell
From: Robert Kane (rkane_at_scs.carleton.ca)
Date: 10/04/04
Date: 4 Oct 2004 15:15:23 GMT
Good afternoon,
I have a quick question. I'm in the process of putting in place a short
shell script as a login script for certain users. The script simply checks
where the user is logging in from and then dumps them into an appropriate
shell based on that information. Checking the web reveals that using a shell
script as a login shell is possibly dangerous for the following reasons:
1) When logging in via telnet, environment variables are inherited. Is
this still relevant with SSH though? I don't believe so, but I could be
wrong.
2) If the script is setuid the user can hijack it and become root. The
script isn't setuid though, so I'm assuming this isn't a problem.
3) The user can exit out of script and gain script. This doesn't bother
me _too_ much, as I'm just dumping them to a shell eventually anyway just so
long as they don't get administrative privileges.
4) The user can subvert the script if it doesn't use absolute paths.
Mine does though and it runs as the user anyway.
Am I more or less OK security-wise (as I believe), or am I missing something?
Thanks,
Rob
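
Added example (not the poster's script, and not part of the original message): a login-shell wrapper of the kind described in the post, covering the environment, interrupt and absolute-path points from the list. It assumes the origin is read from the SSH_CONNECTION variable that sshd sets; the address range, the shell paths and the install name `login-wrapper` are constructed placeholders.

```sh
#!/bin/sh
# Added example: login-shell wrapper. Policy, addresses and shell paths below
# are constructed placeholders, not values from the original post.

# Do not trust the inherited environment for the script's own lookups.
PATH=/usr/bin:/bin
export PATH
unset IFS

# First field of SSH_CONNECTION ("client_ip client_port server_ip server_port"),
# or "unknown" if it is missing or contains anything but address characters.
origin_ip() {
    ip=${1%% *}
    case $ip in
        ''|*[!0-9A-Fa-f.:]*) echo unknown ;;
        *) echo "$ip" ;;
    esac
}

# Map an origin to an absolute shell path (hypothetical policy).
pick_shell() {
    case $1 in
        192.0.2.*) echo /bin/bash ;;   # constructed "internal" range (TEST-NET-1)
        unknown)   echo /bin/false ;;  # no usable origin information: refuse
        *)         echo /bin/sh ;;     # everything else
    esac
}

main() {
    # Catch rather than ignore: caught signals revert to default across exec,
    # while ignored ones would stay ignored in the user's shell.
    trap 'exit 1' HUP INT QUIT TERM
    shell=$(pick_shell "$(origin_ip "${SSH_CONNECTION:-}")")
    [ -x "$shell" ] || exit 1
    exec "$shell"    # replaces this process with the chosen shell
}

# Run only when installed under its (hypothetical) login-shell name.
case ${0##*/} in login-wrapper) main ;; esac
```

The origin check selects a shell; it is not an access control, since every accepted path ends in a shell running as the same user.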