scp without permitting shell access, possible?
Gary E. Miller
gem at rellim.com
Fri Dec 15 14:52:19 EST 2000
Yo Martin!
On Thu, Dec 14, 2000 at 06:35:29PM -0800, Martin Forssen wrote:
> You could write a custom login-shell for the user on the server which
> only allows execution of the scp program.
I have done this. I created a short program that sets up a
PATH that points to a directory (/usr/local/rbin) with just scp
in it. Then exec()s to bash as a restricted shell. Just a few
lines of C code and the user is now locked in with rbash.
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 20340 Empire Ave, Suite E-3, Bend, OR 97701
gem at rellim.com Tel:+1(541)382-8588 Fax: +1(541)382-8676
// gem - 13 Sep 00
// Gary E. Miller <gem at rellim.com>
//
// Description:
// this is a cheap hack to be able to run a shell from /etc/passwd
// with command line arguments and a restricted PATH
//
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
int main(int argc, char **argv)
{
int cnt = 0;
char **my_argv = NULL;
char **ptr_argv = NULL;
// get a new argv array
my_argv = calloc( argc + 5, sizeof(char*) );
if ( !my_argv ) {
// out of RAM !?
perror ( argv[0] );
// get out now
exit(2);
}
// limit the users PATH, rbash will enforce it
setenv("PATH", "/usr/local/rbin", 1);
// set up the argv array
my_argv[0] = "/bin/bash2"; // the command to run
my_argv[1] = "--restricted"; // restrict it
my_argv[2] = "--noprofile"; // really restrict it
// need to pass the command line args to rbash
// skip the first one (the name of this program)
for ( cnt = 1; cnt < argc ; cnt++ ) {
my_argv[cnt + 2] = argv[cnt];
}
my_argv[cnt + 2] = NULL; // terminate the list
// run the rbash
execv( "/bin/bash", my_argv);
// should return only on a serious error
perror( argv[0] );
exit(1);
}
More information about the openssh-unix-dev
mailing list