
Securing the RBASH?

If you are using rbash and the user is allowed to call, for example, vi, he can leave the restricted shell through vi; a "su exampleuser" would also do the job, and there are also possibilities such as copying /bin/sh... In this case the only thing I wanted was to restrict the user so that he is only allowed to become root. Yes, I know the pros and cons of that; I decided that connecting by ssh as a user that has NO rights except to su to the root user, and getting root when I need to change something, is a good way.

As described earlier, I added (modified) a user:

useradd example -m -d /home/example -s /bin/rbash
usermod -s /bin/rbash example
passwd example

Then I edited his bash profile and set the PATH to his home directory only.

vi /home/example/.bash_profile

I changed the part where the PATH variable is set; it now looks like this:

# set PATH so it includes user's private bin if it exists
PATH=/home/example
#if [ -d ~/bin ] ; then
# PATH=~/bin:"${PATH}"
#fi

So this user has absolutely NO rights... cool. The last step is to allow him to get root. That's done by creating a script in /bin, which I named suroot, that contains the text "/bin/su root"; of course you have to give it 755 rights afterwards. The very last step is to create a link from the user's home to the new script.

vi /bin/suroot
chmod 755 /bin/suroot
cd /home/example
ln -s /bin/suroot

I could not find a way to escape from this jail shell; sometimes I have overlooked something, if so please let me know.
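
A check for the setup above, as an added example that is not part of the original post: it lists every command reachable through the restricted PATH that is not on an allow-list, and flags a profile that sets PATH to anything else or that group or others can write. The function name audit_rbash_home and the finding labels are made up for this example.

```sh
#!/bin/sh
# Added example, not the author's code. Audits the setup described above:
# a home directory that is also the whole PATH, plus its .bash_profile.
# Usage: audit_rbash_home DIR ALLOWED_COMMAND...
#   e.g. audit_rbash_home /home/example suroot
# Prints one finding per line; returns 0 when clean, 1 otherwise.
audit_rbash_home() (
    dir=$1; shift
    profile="$dir/.bash_profile"
    findings=0

    # 1. rbash rejects command names containing "/", so every symlink or
    #    executable file in DIR is a command the account can start.
    for entry in "$dir"/* "$dir"/.[!.]*; do
        if [ -L "$entry" ] || { [ -f "$entry" ] && [ -x "$entry" ]; }; then
            name=${entry##*/}
            ok=no
            for allowed in "$@"; do
                if [ "$name" = "$allowed" ]; then ok=yes; fi
            done
            if [ "$ok" = no ]; then
                echo "UNEXPECTED_COMMAND $name"; findings=1
            fi
        fi
    done

    if [ ! -f "$profile" ]; then
        echo "MISSING_PROFILE"; findings=1
    else
        # 2. The only active (uncommented) PATH assignment must be PATH=DIR.
        bad=$(grep -E '^[[:space:]]*(export[[:space:]]+)?PATH=' "$profile" |
              grep -vxF -- "PATH=$dir" || true)
        if [ -n "$bad" ]; then echo "UNEXPECTED_PATH $bad"; findings=1; fi
        if ! grep -qxF -- "PATH=$dir" "$profile"; then
            echo "PATH_NOT_RESTRICTED"; findings=1
        fi
        # 3. Group and others must not be able to rewrite the profile.
        if [ -n "$(find "$profile" \( -perm -020 -o -perm -002 \))" ]; then
            echo "PROFILE_WRITABLE_BY_OTHERS"; findings=1
        fi
    fi
    [ "$findings" -eq 0 ]
)
```

No output and exit status 0 mean that suroot is the only command the account can reach through PATH and that the profile still pins PATH to the home directory.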


  • Abraxas

    Posted at 2011-02-03 17:47:30

    Could not find a way to escape from this jailshell; sometimes I have overlooked something, if so please let me know.
