lshell is a shell coded in Python, that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restriction, and more.
GNU General Public License v3.0
Configuration to minimize risk of shell escape #199
In light of the various unfixed shell escape issues (e.g. issues 147-9 & 151), are there any configuration changes that I can make to try to prevent a user from escaping from lshell?
Several of the exploits make use of echo, and as I don't need it I have removed it from the list of allowed commands.
I am running lshell version 0.9.16 on CentOS, which I believe is the latest version that there is a package for.
Here is an extract of my config:
allowed : ['ls','cd','ll','su','scp']
forbidden : [';', '&', '|','`','>','<', '$(', '${']