Escaping from shell-scripts

Lowell Gilbert freebsd-questions-local at
Thu Nov 18 16:36:48 UTC 2010

doug <doug at> writes:

> If you make a program a shell AFAIK to escape is to logff. Bash has a
> chroot like facility that might work. However if you write a simple C
> program as a wrapper for your shell script and make that program a
> shell, I would think that is pretty secure.

As long as you don't call anything that can create an inferior shell.
A common mistake when doing this kind of thing is to allow some file
editing or mail reading, using programs that have a "shell escape"

More information about the freebsd-questions mailing list