[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

If rbash is worthless, why not remove it and decrease bloat?

From: Linda Walsh
Subject: If rbash is worthless, why not remove it and decrease bloat?
Date: Fri, 15 Mar 2013 13:01:30 -0700
User-agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv: Gecko/20100228 Lightning/0.9 Thunderbird/ Mnenhy/

Greg Wooledge wrote:
> Honestly, a "restricted shell" is usually a pitiful thing that would be
> a joke, except it's not even funny.  
> I have no idea what the POSIX standard has to do with your question,
> though.
        Chet answered this in context:

Chet Ramey wrote:
> On 3/14/13 2:52 AM, Linda Walsh wrote:
>>      Is 'rbash' not part of POSIX? 
> Posix has chosen not to standardize the restricted shell, either `rsh' or
> `set -r'.
I had the erroneous belief that 'rbash' was something useful to some
people or was part of the POSIX standard.

As it is neither and provides little or no increased security over
chrooting a process as Chris mentioned:

Chris Down wrote:
> For the record running rbash without a chroot does not make any sense
> in reality, it's usually easy to break out of. 

Perhaps it would be doing a favor to users and allow some minor code
cleanup to simply get rid of the 'rbash'/restricted functionality.

It sounds like the idea isn't worth the increased bloat.

If it cannot be removed, then some people are using it with the false
expectation that it provides some increased security.  Better to get
rid of that than have someone think it is worth the extra bytes it takes
to implement.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]