Escaping from shell-scripts
Lowell Gilbert
freebsd-questions-local at be-well.ilk.org
Thu Nov 18 16:36:48 UTC 2010
doug <doug at fledge.watson.org> writes:
> If you make a program a shell AFAIK to escape is to logff. Bash has a
> chroot like facility that might work. However if you write a simple C
> program as a wrapper for your shell script and make that program a
> shell, I would think that is pretty secure.
As long as you don't call anything that can create an inferior shell.
A common mistake when doing this kind of thing is to allow some file
editing or mail reading, using programs that have a "shell escape"
capability.
More information about the freebsd-questions
mailing list