January 2018
Intermediate to advanced
376 pages
8h 45m
English
Content preview from Mastering Linux Security and Hardening
Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Preventing users from using shell escapes
Certain programs, especially text editors and pagers, have a handy shell escape feature. This allows a user to run a shell command without having to exit the program first. For example, from the command mode of the Vi and Vim editors, someone could run the ls command by doing :!ls. Executing the command would look like this:
# useradd defaults fileGROUP=100HOME=/homeINACTIVE=-1EXPIRE=SHELL=/bin/bashSKEL=/etc/skelCREATE_MAIL_SPOOL=yes~~:!ls
The output would look like this:
[donnie@localhost default]$ sudo vim useradd[sudo] password for donnie:grub nss useraddPress ENTER or type command to continuegrub nss useraddPress ENTER or type command to continue
Now, imagine that you want Frank to be able to ...