ghantoos / lshell

lshell is a shell coded in Python, that lets you restrict a user's environment to limited sets of commands, choose to enable/disable any command over SSH (e.g. SCP, SFTP, rsync, etc.), log user's commands, implement timing restriction, and more.
GNU General Public License v3.0
436 stars 111 forks source link

forbidden characters ignored at the beginning of command (no error) #94

Closed brbrady closed 9 years ago

brbrady commented 9 years ago

with '$(' in my list of forbidden characters in lshell.conf, I get the following output:

ben:~$ $() ben:~$ echo $() * forbidden syntax: echo $() ben:~$ $(ls -lha) ben:~$ echo $(ls -lha) * forbidden syntax: echo $(ls -lha) ben:~$ <(ls -lha) ben:~$ cat <(ls -lha) *\ forbidden syntax: cat <(ls -lha)

While my tests have shown that the command inside $() is not being executed, it seems that this should still throw an error and +=1 to the error/kick out counter.

brbrady commented 9 years ago

On second thought, after reviewing the responsible code, I don't have a problem with this behavior.