Re: If rbash is worthless, why not remove it and decrease bloat?

From: Bob Proulx
Subject: Re: If rbash is worthless, why not remove it and decrease bloat?
Date: Fri, 15 Mar 2013 19:29:32 -0600
User-agent: Mutt/1.5.21 (2010-09-15)

Linda Walsh wrote:
> Greg Wooledge wrote:
> > Honestly, a "restricted shell" is usually a pitiful thing that would be
> > a joke, except it's not even funny.  
>       Chet answered this in context:
> Chet Ramey wrote:
> > Posix has chosen not to standardize the restricted shell, either `rsh' or
> > `set -r'.
> ----
> I had the erroneous belief that 'rbash' was something useful to some
> people or was part of the POSIX standard.

It may actually be useful to someone.  But no one has sighted one of
those someones in decades.  It would be great if we could actually
find a living person who uses it and would tell us why.  They must be
very rare.  They might be extinct.

It isn't impossible to use in a useful and secure way.  It is just so
difficult to use in a useful and secure way that I have never seen a
successful implementation.  However I have been on the receiving end
of unsuccessful implementations.  And they were trivial to break out
of so that I could do useful work.  Which in the end was good.

The problem is that it may actually be useful.  It basically just
creates a "petting zoo" type of low fence.  It may be argued that it
is useful that way.  It makes people feel good that they have a
barrier to keep the kids in.  But people in the know can still get
real work done.

> As it is neither and provides little or no increased security over
> chrooting a process as Chris mentioned:
> Chris Down wrote:
> > For the record running rbash without a chroot does not make any sense
> > in reality, it's usually easy to break out of. 

I think that was _with_ a chroot both and not just a chroot by itself.

> Perhaps it would be doing a favor to users and allow some minor code
> cleanup to simply get rid of the 'rbash'/restricted functionality.

I know I wouldn't shed any tears to see it go away.  And there is
always rksh for those people who still want a restricted shell.

> It sounds like the idea isn't worth the increased bloat.
> If it cannot be removed, then some people are using it with the false
> expectation that it provides some increased security.  Better to get
> rid of that than have someone think it is worth the extra bytes it takes
> to implement.

But is it worth the trouble to remove?  That would also create work
and would also potentially create an uproar in reverse for people who
are using the feature and would have it removed out from under them.

Features are easy to put in.  They are hard to take out.  Because
taking them out always hits someone.

