3

After years of reading helpful questions/answers on Super User, today it's my turn. I'm playing around with "lshell", a Linux shell written in Python (lshell on GitHub) which gives the opportunity to whitelist commands that a user types into the console. After successful installation, the shell is placed in

/usr/bin/lshell

With the following command

chsh -s /usr/bin/lshell startup

I change the shell to be active for the user called startup. Now the user startup logs in and executes the following whitelisted command

./start.sh

which starts a little Java application that can itself execute commands on the command line. But now the application can run all available commands without taking care of the whitelist. A simple

which bash

over the Java application returns

/bin/bash

as current shell. Is there any possible way to force the user to the whitelist shell? I don't think that this is a problem with lshell. I tried the same procedure with rbash and got the same results.

Thanks in advance!

4
  • Take a look at SELinux.
    – Cyrus
    Commented Nov 28, 2015 at 19:11
  • What is the point of using a shell with a whitelist and then allowing arbitrary commands in the application? The inner application should run /bin/rbash or ishell.
    – Archemar
    Commented Nov 29, 2015 at 10:55
  • All files in this directory are uploaded via FTP from "random" users. The start.sh (not editable) starts the Java application (also not editable) which can also execute other files that are uploaded by this random user. Logically, these files can execute some commands. But unfortunately with the wrong shell. Any ideas why?
    – J. Pee
    Commented Nov 29, 2015 at 16:58
  • If it matters, the whole scenario is placed in a Linux container.
    – J. Pee
    Commented Nov 29, 2015 at 17:04
