Re: If rbash is worthless, why not remove it and decrease bloat?

From: Chris Down
Subject: Re: If rbash is worthless, why not remove it and decrease bloat?
Date: Sun, 17 Mar 2013 07:49:41 +0800
User-agent: Mutt/1.5.21 (2010-09-15)

On 2013-03-16 23:06, Pierre Gaston wrote:
> On Sat, Mar 16, 2013 at 6:28 PM, Chris Down <address@hidden> wrote:
> > On 2013-03-16 12:13, Chet Ramey wrote:
> >> > If it cannot be removed, then some people are using it with the false
> >> > expectation that it provides some increased security.  Better to get
> >> > rid of that than have someone think it is worth the extra bytes it takes
> >> > to implement.
> >>
> >> Folks cling tightly to their ideas about what should and should not be in
> >> bash and how it should behave.  I'm comfortable with leaving the restricted
> >> shell feature in the current state and allowing users or distributions to
> >> disable it at their option.  The `bloat' is not significant enough to be a
> >> factor.
> >
> > I agree in general, however, I would be in favour of at least adding something
> > to the man page that indicates rbash should not be considered secure except in
> > very specific implementations. I've dealt with too many people that falsely
> > think it increases security (although, whether these are the sort of people to
> > read man pages over ill-informed garbage on some guy's "Linux blog", I don't
> > know).
> >
> > Chris
> I don't think the manual gives this impression as it is.
> It doesn't say "secure" but "more controlled" and I think the way it
> is described really forces the possible user to think about what rbash
> really provides.

I didn't say that it gives the impression that rbash is secure. What I'm saying
is that the manual doesn't say that *it isn't*, which is true in the vast
majority of rbash deployments. It is a good thing to make the user think about
their deployment, but it's not a good thing to not say off the bat that this is
generally not a secure method of issuing a user with a restricted command set.

We can quite easily add some text that states that you should be very careful
deploying rbash without undermining the user having to think about their
implementation. The reality is I cannot think of any modern reason to implement
rbash, excepting situations where it would be insecure.

Basically, the general rule should be "don't use rbash". That's not something
people seem to disagree on.

