Restricted shell
Encyclopedia
The restricted shell is a Unix shell
that restricts some of the capabilities available to an interactive user session, or to a shell script
, running within it. It is intended to provide an additional layer of security, but is insufficient to allow execution of entirely untrusted software. A restricted mode operation is found in the original Bourne shell
and its later counterpart bash, and in the Korn shell
. In some cases a restricted shell is used in conjunction with a chroot
jail, in a further attempt to limit access to the system as a whole.
The restricted mode of bash is used when bash is invoked in one of the following ways:
Similarly the Korn shell's restricted mode is produced by invoking it thus:
bash adds further restrictions, including:
Restrictions in the restricted Korn shell are much the same as those in the restricted Bourne shell.
being used to escape from the restricted shell:
vi
:set shell=/bin/sh
:shell
Unix shell
A Unix shell is a command-line interpreter or shell that provides a traditional user interface for the Unix operating system and for Unix-like systems...
that restricts some of the capabilities available to an interactive user session, or to a shell script
Shell script
A shell script is a script written for the shell, or command line interpreter, of an operating system. It is often considered a simple domain-specific programming language...
, running within it. It is intended to provide an additional layer of security, but is insufficient to allow execution of entirely untrusted software. A restricted mode operation is found in the original Bourne shell
Bourne shell
The Bourne shell, or sh, was the default Unix shell of Unix Version 7 and most Unix-like systems continue to have /bin/sh - which will be the Bourne shell, or a symbolic link or hard link to a compatible shell - even when more modern shells are used by most users.Developed by Stephen Bourne at AT&T...
and its later counterpart bash, and in the Korn shell
Korn shell
The Korn shell is a Unix shell which was developed by David Korn in the early 1980s and announced at USENIX on July 14, 1983. Other early contributors were AT&T Bell Labs developers Mike Veach, who wrote the emacs code, and Pat Sullivan, who wrote the vi code...
. In some cases a restricted shell is used in conjunction with a chroot
Chroot
A chroot on Unix operating systems is an operation that changes the apparent root directory for the current running process and its children. A program that is run in such a modified environment cannot name files outside the designated directory tree. The term "chroot" may refer to the chroot...
jail, in a further attempt to limit access to the system as a whole.
Invocation
The restricted mode of the Bourne shell sh, and its POSIX workalikes, is used when the interpreter is invoked in one of the following ways:- sh -r note that this conflicts with the "read" option in some sh variants
- rsh note that this may conflict with the remote shellRemote ShellThe remote shell is a command line computer program that can execute shell commands as another user, and on another computer across a computer network.The remote system to which rsh connects runs the rshd daemon...
command, which is also called rsh on some systems
The restricted mode of bash is used when bash is invoked in one of the following ways:
- rbash
- bash -r
- bash --restricted
Similarly the Korn shell's restricted mode is produced by invoking it thus:
- rksh
- ksh -r
Limited operations
The following operations are not permitted in a restricted shell:- changing directory
- specifying absolute pathnames or names containing a slash
- setting the PATH or SHELL variable
- redirection of output
bash adds further restrictions, including:
- limitations on function definitions
- limitations on the use of slash-ed filenames in bash builtins
Restrictions in the restricted Korn shell are much the same as those in the restricted Bourne shell.
Weaknesses of a restricted shell
The restricted shell is not completely secure. A user can break out of the restricted environment by running a program that features a shell function. The following is an example of the shell function in viVi
vi is a screen-oriented text editor originally created for the Unix operating system. The portable subset of the behavior of vi and programs based on it, and the ex editor language supported within these programs, is described by the Single Unix Specification and POSIX.The original code for vi...
being used to escape from the restricted shell:
vi
:set shell=/bin/sh
:shell