On Wed, Jan 25, 2023 at 01:49:09PM -0500, Murali Selvaraj wrote:
> profile sh_restriction /bin/sh flags=(attach_disconnected,complain) {
> /tmp/** r,
> }
If a shell can read it, then a shell can execute it. The only real options
I can think of:
- prevent the shell from reading it
- modify the
On 1/25/23 10:49, Murali Selvaraj wrote:
Hi Christian,
Thanks for the explanation.
My requirement is to find a way to avoid/block the script (sh /tmp/foo.sh)
execution from directories like (/tmp/).
However I am unable to meet this requirement using the profile below.
cat bin.sh
profile sh_restriction /bin/sh