3
0
After years of reading helpful questions/answers on superuser, today it's my turn. I'm playing around with "lshell", a linux shell written in python (lshell on github) which gives the opportunity to whitelist commands that a user types into the console. After successfull installation, the shell is placed in
/usr/bin/lshell
With the following command
chsh -s /usr/bin/lshell startup
I change the shell to be active for the user called startup. Now the user startup log in and execute the following whitelisted command
./start.sh
which starts a little java application that can itself execute commands on the command line. But now the application can run all available commands without taking care of the whitelist. A simple
which bash
over the java application returns
/bin/bash
as current shell. Is there any possible way to force the user to the whitelist shell? I don't think that this is a problem with lshell. I tried the same procedure with rbash and got the same results.
Thanks in advance!
J. Pee
Posted 2015-11-28T18:36:08.890
Reputation: 61
Take a look at SELinux.
– Cyrus – 2015-11-28T19:11:31.2671what is the point of using a shell with white list, and then allow arbitrary command in the application ? innet application should run /bin/rbash or ishell. – Archemar – 2015-11-29T10:55:28.320
All files in this directory are uploaded via FTP from "random" users. The start.sh (not editable) starts the java application (also not editable) which can also execute other files that are uploaded by this random user. Logically, these files can execute some commands. But unfortunately with the wrong shell. Any ideas why? – J. Pee – 2015-11-29T16:58:16.753
If it matters, the whole scenario is placed in a linux container. – J. Pee – 2015-11-29T17:04:49.427