1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
|
#! /usr/bin/perl -w
#
# "Shell" for a restricted account, limiting the available commands
# Roland Mas, debian-sf (Sourceforge for Debian)
#
# Inspired from the grap.c file in Sourceforge 2.5
use strict ;
use vars qw/ @allowed_options @allowed_commands $errmsg @cmd / ;
use subs qw/ &reject / ;
no locale ;
use Text::ParseWords;
@allowed_options = ('-c', '-e') ;
@allowed_commands = ('cvs','scp','/usr/lib/openssh/sftp-server','svnserve','bzr','git-upload-pack','git-receive-pack','git-upload-archive') ;
# Clean up our environment
delete @ENV{qw(IFS CDPATH ENV BASH_ENV PATH)};
if ($#ARGV != 1) {
if ($#ARGV < 1) {
$errmsg = "Not enough arguments." ;
} else {
$errmsg = "Too many arguments." ;
}
&reject ;
}
if (scalar (grep { $_ eq $ARGV[0] } @allowed_options) == 0) {
$errmsg = "Option not allowed." ;
&reject ;
}
@cmd = shellwords ($ARGV[1]) ;
if ($#cmd < 0) {
$errmsg = "Command not allowed." ;
&reject ;
}
if (scalar (grep { $_ eq $cmd[0] } @allowed_commands) == 0) {
$errmsg = "Command not allowed." ;
&reject ;
}
exec @cmd ;
sub reject {
print "This is a restricted account.\n" .
"You cannot execute anything here.\n" .
# $errmsg . "\n" .
"Goodbye.\n" ;
exit 1 ;
}
|
