Did anybody try rbash on SLES8 SP3?, it's not working at all, if i put it as the default shell for the user it just works as a normal bash instance. If you call rbash once logged in it works as it should. This isn't happening with rksh on the same machine. CI.-
It's my understanding the rbash is just a symbolic link to bash. To find out, ls -lah `which rbash` My output is: lrwxrwxrwx 1 root root 14 Dec 1 2004 /usr/bin/rbash -> ../../bin/bash Tim Rainier Information Services, Kalsec, INC trainier@kalsec.com Ciro Iriarte <cyruspy@gmail.com> 09/22/2005 01:17 AM Please respond to Ciro Iriarte <cyruspy@gmail.com> To suse-security@suse.com cc Subject [suse-security] rbash not working!! Did anybody try rbash on SLES8 SP3?, it's not working at all, if i put it as the default shell for the user it just works as a normal bash instance. If you call rbash once logged in it works as it should. This isn't happening with rksh on the same machine. CI.- -- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
Hello, Am Freitag, 23. September 2005 16:47 schrieb trainier@kalsec.com:
It's my understanding the rbash is just a symbolic link to bash. To find out, ls -lah `which rbash`
My output is: lrwxrwxrwx 1 root root 14 Dec 1 2004 /usr/bin/rbash -> ../../bin/bash
Sure - but this doesn't explain why it behaves wrongly if used as login shell. Please note that many programs [1] have a different behaviour when $0 (the program name or symlink name) differ. [fullquote moved to /dev/null] Regards, Christian Boltz [1] examples: bzip2 / bunzip2 / bzcat gzip / gunzip / zcat fontlinge_dupe / fontlinge_reunion ;-) --
[lost password] Not that i know much of encrypted FS's, but id say you are pretty lost by then. Unless you can brutecrack the encryption with some forensics software... Start looking for post-it notes near the console.... [> Antun Balaz and Tom Knight in suse-security]
2005/9/23, Christian Boltz <suse-security@cboltz.de>:
Hello,
Am Freitag, 23. September 2005 16:47 schrieb trainier@kalsec.com:
It's my understanding the rbash is just a symbolic link to bash. To find out, ls -lah `which rbash`
My output is: lrwxrwxrwx 1 root root 14 Dec 1 2004 /usr/bin/rbash -> ../../bin/bash
Sure - but this doesn't explain why it behaves wrongly if used as login shell.
Please note that many programs [1] have a different behaviour when $0 (the program name or symlink name) differ.
[fullquote moved to /dev/null]
Regards,
Christian Boltz
[1] examples: bzip2 / bunzip2 / bzcat gzip / gunzip / zcat fontlinge_dupe / fontlinge_reunion ;-) --
[lost password] Not that i know much of encrypted FS's, but id say you are pretty lost by then. Unless you can brutecrack the encryption with some forensics software... Start looking for post-it notes near the console.... [> Antun Balaz and Tom Knight in suse-security]
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
And everything seems to be in order, after login, if i do an "echo $0" i get "-rbash", but it's not working as it should.... CI.-
Ciro Iriarte said:
And everything seems to be in order, after login, if i do an "echo $0" i get "-rbash", but it's not working as it should....
To see whether the current shell is restricted, you should execute "shopt -p restricted_shell". The output should look like this: bash-2.05$ rbash rbash-2.05$ shopt -p restricted_shell shopt -s restricted_shell Rbash is basically a bash started by a special name ("rbash") or the -r parameter. On some systems rbash is a link to bash while others maintain a separate copy of the binary. One potential source of problems is that the shell restrictions are enabled *after* the startup files were processed. And even in restricted mode, any allowed shell script is executed without restrictions. Maybe one your your startfiles opens up another interactive shell? HTH, Michel
2005/9/27, Michel Messerschmidt <lists@michel-messerschmidt.de>:
Ciro Iriarte said:
And everything seems to be in order, after login, if i do an "echo $0" i get "-rbash", but it's not working as it should....
To see whether the current shell is restricted, you should execute "shopt -p restricted_shell". The output should look like this: bash-2.05$ rbash rbash-2.05$ shopt -p restricted_shell shopt -s restricted_shell
Rbash is basically a bash started by a special name ("rbash") or the -r parameter. On some systems rbash is a link to bash while others maintain a separate copy of the binary.
One potential source of problems is that the shell restrictions are enabled *after* the startup files were processed. And even in restricted mode, any allowed shell script is executed without restrictions. Maybe one your your startfiles opens up another interactive shell?
HTH, Michel Well, it's definetly unrestricted, after login:
user@linux:~> echo $0 -rbash user@linux:~> shopt | grep restr restricted_shell off It's a clean install with SP3, didn't add anything weird homemade script or anything like that . CI.-
participants (4)
-
Christian Boltz -
Ciro Iriarte -
Michel Messerschmidt -
trainier@kalsec.com