GNU find breaks out of the restricted shell

ghantoos / lshell

lshell is a shell coded in Python, that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restriction, and more.

GNU General Public License v3.0

436 stars 112 forks source link

GNU find breaks out of the restricted shell #43

Closed norepl-coebos closed 11 years ago

norepl-coebos commented 11 years ago

Hello, I ran into a bug with the GNU find. Configuration is as follows:

path : ['/home/web2'] allowed : ['find']

$ ssh web1@localhost You are in a limited shell. Type '?' or 'help' to get the list of allowed commands web2:~$ find /proc * forbidden path -> "/proc/" * You have 1 warning(s) left, before getting kicked out. This incident has been reported. /proc /proc/mpt /proc/mpt/version /proc/mpt/summary

As soon as warning is printed the output of the find command from a forbidden path is dumped onto the terminal.

norepl-coebos commented 11 years ago

Traced this critical bug to this change:

commit 52f9426fbe6f2c4541d079e36ff649a2e3a5c230 Author: Ignace Mouzannar (ghantoos) ghantoos@ghantoos.org Date: Mon Dec 5 23:30:08 2011 +0400 corrected first check regex

if re.findall('[:cntrl:]', line):
if re.findall('[:cntrl:].*\n', line):

norepl-coebos commented 11 years ago

Emergency hotfix for branch 0.9.15.1: http://pastebin.ca/2356206

ghantoos commented 11 years ago

This has been corrected upstream.

~$ find /proc/
*** Forbidden path: /proc/