doug <d...@fledge.watson.org> writes:

> If you make a program a shell AFAIK to escape is to logff. Bash has a
> chroot like facility that might work. However if you write a simple C
> program as a wrapper for your shell script and make that program a
> shell, I would think that is pretty secure.

As long as you don't call anything that can create an inferior shell.
A common mistake when doing this kind of thing is to allow some file
editing or mail reading, using programs that have a "shell escape"
capability.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to