Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10 7/1/83; site rlgvax.UUCP Path: utzoo!linus!philabs!seismo!rlgvax!guy From: guy@rlgvax.UUCP Newsgroups: net.unix-wizards Subject: Re: Does 4.1BSD have a restricted shell? - (nf) Message-ID: <740@rlgvax.UUCP> Date: Fri, 1-Jul-83 22:07:53 EDT Article-I.D.: rlgvax.740 Posted: Fri Jul 1 22:07:53 1983 Date-Received: Sat, 2-Jul-83 22:38:35 EDT References: <191@ucbcad.UUCP> Organization: CCI Office Systems Group, Reston, VA Lines: 29 The System III manual lists "rsh" as restricting: the cd command setting $PATH commands with names containing / > and >> Also, while the .profile is running, those restrictions are not enforced, but any attempt to interrupt out of the .profile causes an immediate exit (why not just disable interrupts?). From poking over the V7 shell (and discovering that "rsh" and the builtin "test" command were there - or most of them, anyway), I found that the only member of the above list not enforced by the V7 "rsh" is the setting of $PATH; I believe the theory was that the .profile would say "readonly PATH". Is there a reason why the USG "rsh" hardwires in this restriction? Note that USG UNIX provides the same SHELL environment variable as 4.1BSD does; the USG "ed" uses this to decide if it's a "restricted ed" or not. "Restricted ed" prohibits any execution of UNIX commands, or any reference to files with a / in their name. The editor is restricted if the SHELL environment variable exactly equals "/bin/rsh" or if the editor was invoked as "red". Guy Harris {seismo,mcnc,we13,brl-bmd,allegra}!rlgvax!guy