I am in the process of setting up a restricted environment for a K12
site. Each users .profile is a link to /usr/local/retc/.profile and
all of the executables users can perform are in /usr/local/rbin. This
includes a menu script, lynx, gopher, ftp, telnet, pine, ls, rm, and rsh.
The users PATH is limited to this directory, execution is limited to
choosing numbers from the menu.
I am running gopher with the -s flag to stop shell escapes here, I have
a version of telnet with no 'z' command. But I can see a few problems
with a few of the clients and commands I will need them to be able to
execute - hence this message.
1. Is there an ftp client available that does not allow for the '!' shell
escape command. I'd prefer them to not even see their shell (btw, if they
do get 'out' they cannot change shells).
2. Is there a shell escape for lynx? And can it be stopped?
3. I set up the pine.conf.fixed config file to set global parameters, one
option is enabling/disabling features such as 'enable-suspend' and 'enable-
unix-pipe-cmd' - both of these I want to disable entirely but it appears
such configs can be changed for a session - is there a work around for this?
Or am I missing something in the pine.conf.fixed that allows me to set these
4. I was planning on having users change their passwords from within the
Pine config - however, due to the restricted shell and path they cannot
execute /bin/passwd. I am now wanting to cp /bin/passwd /usr/local/rbin -
are there any issues associated with this. A new menu addition will be
added allowing users to run /usr/local/rbin/passwd from this menu.
5. Are there any other shell escapes I am missing?
Some may question why we want such a limited environment. I tend to agree
but understand this K-12's need to at least plug the most obvious holes
that once one 14 year old knows the whole school knows..