restricted shell allows escape to child
From: Pete Nesbitt
Subject: restricted shell allows escape to child
Date: Mon, 29 Sep 2003 21:01:24 -0700
User-agent: KMail/1.4.3
Configuration Information [Automatically generated, do not change]:
Machine: i686
OS: linux-gnu
Compiler: gcc
Compilation CFLAGS: -DPROGRAM='bash' -DCONF_HOSTTYPE='i686'
-DCONF_OSTYPE='linux-gnu' -DCONF_MACHTYPE='i686-pc-linux-gnu'
-DCONF_VENDOR='pc' -DSHELL -DHAVE_CONFIG_H -I. -I. -I./include -I./lib
-D_GNU_SOURCE -O2 -g -march=i386 -mcpu=i686
uname output: Linux nebula.nesbitt.sooke 2.4.20-20.8 #1 Mon Aug 18 14:39:22
EDT 2003 i686 athlon i386 GNU/Linux
Machine Type: i686-pc-linux-gnu
Bash Version: 2.05b
Patch Level: 0
Release Status: release
Description:
When using 'bash -r' or 'set -r' in .bashrc the user can call another
shell and the restrictions such as 'cd' no longer apply until you exit the
new shell and return to the restricted environment. When a second shell is
called the restrictions fail (I thought calling bash by name (not a symlink)
was working but now even that allows an escape). This may be specific to Red
Hat 8 and may be a problem with their compiled rpm, but I felt it is
important.
Repeat-By:
-from my home dir, run "set -r" to move to restricted shell.
-'cd /tmp' fails, '/bin/sh' fails,
-however, the path is still available so 'bash', 'sh' etc still work.
-from there, I have no restrictions until I exit the spawned shell.
Fix:
(I know this is not the fix you're talking about but it is how I resolved it.)
-I have a manual workaround in place that strips the env & sets the
path to the user's ~/bin only, in .bash_profile; the .bashrc has 'set -r'. The
user in this case does not have read or write to his home dir but it is a
special purpose account.
Thanks.
--
Pete Nesbitt
RHCE
Linux+ Network+ A+
http://nesbitt.yi.org
_________________________________
"If your only tool is a hammer,
every problem looks like a nail"
_________________________________
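The workaround described in the report only holds if two conditions stay true: the restricted account's PATH contains nothing but its own ~/bin, and that ~/bin contains no shell (and no innocent-looking name that is really a symlink to one). The following audit script is an added example, written for this page; it is not code from the report, from Red Hat or from bash. The function names `path_confined_to`, `resolve_link`, `audit_rbash_dir` and `make_fixture` are this example's own, and the directory layout built by `make_fixture` is constructed sample data, not a real account.

```shell
#!/bin/sh
# Added example (not part of the bug report): audit the two invariants the
# .bash_profile workaround relies on before handing the account to a user.

# Interpreter names that, when reachable by name from a restricted shell,
# start a child shell with no restrictions (the report shows 'bash' and 'sh').
SHELL_NAMES="bash sh dash ksh zsh csh tcsh rbash"

# path_confined_to PATH_VALUE ALLOWED_DIR
# Returns 0 only if every colon-separated PATH entry is exactly ALLOWED_DIR.
path_confined_to() {
    allowed=$2
    old_ifs=$IFS; IFS=:
    set -f                      # no globbing while we split on ':'
    for entry in $1; do
        if [ "$entry" != "$allowed" ]; then
            set +f; IFS=$old_ifs
            return 1
        fi
    done
    set +f; IFS=$old_ifs
    return 0
}

# resolve_link FILE
# Follows symlinks (portable, no 'readlink -f') and prints the final target.
resolve_link() {
    p=$1; i=0
    while [ -L "$p" ] && [ "$i" -lt 8 ]; do
        t=$(readlink "$p")
        case $t in /*) p=$t ;; *) p=$(dirname "$p")/$t ;; esac
        i=$((i + 1))
    done
    printf '%s\n' "$p"
}

# audit_rbash_dir DIR
# Prints one line per entry in DIR that is a shell or resolves to a shell.
# Returns 0 if DIR is clean, 1 if any entry was flagged, 2 if DIR is missing.
audit_rbash_dir() {
    dir=$1
    bad=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    for f in "$dir"/*; do
        [ -e "$f" ] || continue          # empty dir: the glob stays literal
        name=${f##*/}
        target=$(resolve_link "$f")
        tname=${target##*/}
        for s in $SHELL_NAMES; do
            if [ "$name" = "$s" ] || [ "$tname" = "$s" ]; then
                echo "shell reachable via $f -> $target"
                bad=1
            fi
        done
    done
    return $bad
}

# make_fixture
# Builds a constructed sample layout in a temp dir and prints its path:
#   clean/bin  holds only a harmless tool
#   escape/bin holds a 'bash' symlink and an 'ls' that really points at a shell
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/clean/bin" "$root/escape/bin" "$root/real"
    : > "$root/real/bash";     chmod 755 "$root/real/bash"   # stand-in for /bin/bash
    : > "$root/clean/bin/cat"; chmod 755 "$root/clean/bin/cat"
    ln -s "$root/real/bash" "$root/escape/bin/ls"
    ln -s "$root/real/bash" "$root/escape/bin/bash"
    printf '%s\n' "$root"
}

# Demonstration on the constructed layout.
root=$(make_fixture)
for d in clean escape; do
    if audit_rbash_dir "$root/$d/bin"; then
        echo "$root/$d/bin: OK"
    else
        echo "$root/$d/bin: restricted shell can be escaped"
    fi
done
if path_confined_to "$root/clean/bin:/usr/bin" "$root/clean/bin"; then
    echo "PATH confined"
else
    echo "PATH reaches outside $root/clean/bin"
fi
rm -rf "$root"
```

Run it against the real account with `audit_rbash_dir /home/ACCOUNT/bin` and `path_confined_to "$PATH" /home/ACCOUNT/bin` from within that account's login environment. Because a restricted shell refuses to change PATH once `set -r` has run, the PATH assignment in .bash_profile must come before the `set -r` in .bashrc takes effect, which is the ordering the report's workaround uses.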