SECURITY ISSUE: Escape possible using special keys

ghantoos / lshell

lshell is a shell coded in Python, that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restriction, and more.

GNU General Public License v3.0

435 stars 112 forks source link

SECURITY ISSUE: Escape possible using special keys #149

Closed Snawoot closed 8 years ago

Snawoot commented 8 years ago

Just type <CTRL+V><CTRL+J> after any allowed command and then type desired restricted command:

vladislav@dt1:~$ getent passwd testuser
testuser:x:1001:1002:,,,:/home/testuser:/usr/bin/lshell
vladislav@dt1:~$ su - testuser
Password: 
You are in a limited shell.
Type '?' or 'help' to get the list of allowed commands
testuser:~$ ?
cd  clear  echo  exit  help  history  ll  lpath  ls  lsudo
testuser:~$ bash
*** forbidden command: bash
testuser:~$ echo<CTRL+V><CTRL+J>
bash

testuser@dt1:~$ which bash
/bin/bash

ghantoos commented 8 years ago

Hi @Snawoot!

Thanks for reporting these major security issues. I am unfortunately away from my PC until tomorrow night. I'll do my best to work on this asap.

I also saw your Debian bug reports, as I am the Debian maintainer for lshell.

Cheers!

ghantoos commented 8 years ago

@Snawoot can you confirm that this fixes the issue you reported? Thanks! :)

Snawoot commented 8 years ago

@ghantoos Fix confirmed, thank you!

ghantoos commented 8 years ago

Reopening as issue is still there, using other control characters. See #148.