Suggestion and offer for new restricted priviledged process system
emil.isberg at mds.mdh.se
Thu Jun 22 19:17:44 EDT 2000
On Thu, 22 Jun 2000, Nicolas Williams wrote:
>A few colleagues of mine and I came up with an idea for a restricted
>shell environment based on interposing system calls via pre-loaded
A few years back I developed such a library on Solaris 2.5.1...
>I've done some preliminary tests that indicate that this approach would
>work and have written about 1,000 lines of C consisting of most of the
>necessary system call wrappers. We do not have the resources at this
>time to continue this process, but since we do make use of SUDO, and
>since we want to be able to use such a restricted shell system we would
>consider contributing this source code to an open-source project such as
My oppinion is that sudo and such a shell is different approches, though
they might prove useful together in specific situation. Overall it's not a
good idea though.
>The exec*() wrapper would propagate the pre-loading of the restricted
>process system to any shell, editor and similar program exec()ed by the
>current process, but not to simple programs (this would be
Here is the problem: On most unixes I've tried you can't distinguish
between "simple programs" and "any shell, editor and similar
program" without specifying each and everyone in a configuration file.
And you can't specify each and everyone if you allow the users to write
their own programs or such things.
>Or the library could always be pre-loaded, though acting
>differently depending on the process hosting it (e.g., shells versus
>filters). Thus protecting against sub-shell abuses.
Same problem here...
>The system would never execute any untrusted programs with the library
>pre-loaded as it's trivial to write a program that would circumvent it.
I agree to that, but you can't trust any program (and most specific not
any shell) on the system.
>Is anyone on these lists interested?
Sure. Eventhough I'm sceptical to it's use I'd love to check it...
I know you're in search of yourself, I just haven't seen you anywhere.
More information about the sudo-workers