Prevent shell execution tag in command parameters

ghantoos / lshell

lshell is a shell coded in Python, that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restriction, and more.

GNU General Public License v3.0

439 stars 111 forks source link

Prevent shell execution tag in command parameters #205

Closed emathias closed 1 month ago

emathias commented 5 years ago

For instance, if I want to allow 'echo', but prevent 'cat', how can I prevent users from doing:

$ echo "$(cat file.txt)"

For info, the 'forbidden' config does not catch command parameters

Thanks a lot for such a nice tool!

Best regards,

ghantoos commented 1 month ago

With the default config, I'm getting:

~$ echo "$(cat file.txt)"
*** forbidden syntax: echo "$(cat file.txt)"

This project has been inactive for a while, and this issue has been open for a long time without activity. I'm closing it to keep the issue tracker clean.

If this issue is still relevant to you, please feel free to reopen it or create a new one. Appreciate your understanding and support!