Preventing shells from being spawned
Rob Landley
rob at landley.net
Sun May 18 05:24:32 WST 2008
On Friday 16 May 2008 13:21:39 Korey Calmettes wrote:
> Hello,
>
> Back in 2005, there was a post from John Daz who would like to tunnel into
> an embedded system without providing a shell. It was responded by Matt who
> advised him to comment out line 70 of svr-session.c which read
> "&svrchansess,".
Just set your account's shell in /etc/passwd to some kind of gatekeeper
program. Whatever command line you run is always invoked through that
program, and it doesn't have to be a shell. (Try setting it to "/bin/echo"
and then play around with the result.)
Rob
--
"One of my most productive days was throwing away 1000 lines of code."
- Ken Thompson.
More information about the Dropbear
mailing list