Escaping from shell-scripts

[doug]

On Thu, 18 Nov 2010, Julian Fagir wrote:

> Hi,
>
> I'm planning a service with a login-user-interface. Thus, I want to restrict
> the user somehow to this script and to do nothing else.
>
> The straight-forward way would be to write this script, have all input parsed
> by read and then let the script act according to this input (let's assume
> that these tools are secure, it's just cp'ing and writing to
> non-sensitive files.
>
> Are there possibilities to escape from such a script down to a prompt?
>
> On the other hand, if I would take python for this, so a python-script is
> executed, are there ways to get to a generic python-prompt?
>
> The restriction to that script would be done by either setting the
> login-shell to that script, setting the ssh-command for that account/key (and
> ensuring that it can't be altered), or both.
>
>
> All in all, this is a more general question I have for quite a time: Can you
> use shell-scripts for security-relevant environments? Does an attacker have
> the possibility to escape from a script down to a prompt?
>
> I'm not that into shell-programming and there are too many legacies about
> terminals (some time ago, I had to cope with termcap...) and shells which one
> just can't all know.
> E.g., it was just a few days ago I found out what a terminal-stop means and
> that it is still interpreted by screen, though using it for several years now.
>
>
> Regards, Julian

If you make a program a shell AFAIK to escape is to logff. Bash has a chroot 
like facility that might work. However if you write a simple C program as a 
wrapper for your shell script and make that program a shell, I would think that 
is pretty secure.