Using /bin/sh to exec subsystems [PATCH]

Patrick Higgins phiggins at transzap.com
Sat May 26 01:27:34 EST 2001


That's clever. I guess my only reservation about that sort of thing is I
prefer my security-critical code to be peer-reviewed, not something I
cook up myself. That's why I'd like to see the solution be a direct part
of OpenSSH (where I know it will be audited).

Your solution is very flexible, though. Perhaps we could put your script
(or a similar one) in the contrib directory so that everyone can at
least start with a well-written restricted shell, and hope that the
customization process doesn't ruin it?

-Pat

> The way I have set it up is a simple taint-mode enabled perl script, it
> checks for command options, and if it is a permitted program
> (sftp-server) then the server is run (hardcoded path).  If we get
> another subsystem, I just add an elsif.  If they specify nothing, they
> get a password change prompt (the initial reason for the script).
> 
> Andrew Bartlett
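
An added example of the dispatch logic described in the quoted message; it is not Andrew Bartlett's script and not part of OpenSSH. It assumes sshd invokes the account's shell as `shell -c <command>`, and both program paths are assumptions that vary by install.

```perl
#!/usr/bin/perl -T
# Added illustration of a restricted login shell; not code from the thread.
use strict;
use warnings;

# Assumed install paths; adjust to the local system.
my %ALLOWED = (
    'sftp-server' => '/usr/libexec/sftp-server',
);
my $PASSWD = '/usr/bin/passwd';

# Taint mode refuses to exec until the inherited environment is made safe.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Map the argument vector to a hardcoded program path, or nothing to refuse.
sub choose_program {
    my @args = @_;
    return $PASSWD if @args == 0;          # no command: password change
    return unless @args == 2 && $args[0] eq '-c';
    my $cmd = $args[1];
    # Whole-string comparison only: extra arguments, ';', '|' or
    # backticks in the request can never match an entry.
    for my $name (keys %ALLOWED) {
        return $ALLOWED{$name}
            if $cmd eq $name || $cmd eq $ALLOWED{$name};
    }
    return;
}

my $prog = choose_program(@ARGV);
unless (defined $prog) {
    print STDERR "This account is restricted to sftp and password changes.\n";
    exit 1;
}

# The executed path comes from the table above, never from the client's
# string, and the block form of exec bypasses /bin/sh entirely.
exec { $prog } $prog or die "exec $prog failed: $!\n";
```

Adding another subsystem means adding one entry to `%ALLOWED`; the client-supplied string is only ever compared, never interpolated or executed.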



