Iron Bars SHell is a restricted Unix shell. The user cannot step out of the home directory or access files outside it. Two ASCII configuration files are used for more control. The system administrator can define which commands the user may execute; no other executables are allowed. The admin can also define what kinds of files the user may create. If a file has a certain extension (such as .mp3, .c, etc.), ibsh automatically erases it.
| Attribute | Value |
|---|---|
| Tags | Security, Shells |
| Licenses | GPL |
| Operating Systems | POSIX, BSD, Linux |
| Implementation | C |

Recent releases


Changes: A buffer overflow and 2 string bugs were fixed.


Changes: A format string vulnerability in a syslog call was fixed. This vulnerability could have allowed users to access files outside the home directory.


Changes: Two segfaults, caused by non-US characters and empty files, were fixed. Ctrl-Z is now ignored, and sample XTNL config files were added for help.


Changes: Major bugfixes in the Makefile and the code. The messages about removing rights on illegal files are removed.


Changes: In this release, the admin can create a separate cmds file for each user. This gives the sysadmin complete control over sensitive applications, which should only be allowed to a selected few. The admin can also create a separate xtns file for each user. The extensions policy has been changed: both globals.xtns and the user extension files now list the extensions that are _allowed_! While the code that searches for illegal/dangerous material stored in user space is back, it no longer erases any files. Instead, it removes all rights from the file, so it cannot be executed or read. This is another "defense line" to stop the user from executing programs stored in user space. Access to all Linux binaries and source code files stored in user space is now blocked. The absolute path for restricted users cannot be longer than 255 characters. All files that are longer (with full path) will be renamed. There are also minor bugfixes.
Recent comments

Re: Extensions
It is not to prevent the user from doing anything. It is against the user using his/her shell account to store warez, mp3z, etc. It is also not a complete protection of course. But certainly better than doing it manually for every user.
I could imagine some code checking on files for size, content, first couple of bytes, etc. to provide better protection against illegal repositories.
Extensions
Disallowing files by extension doesn't really prevent the user from doing anything. I can easily save an .mp3 with a .innocent (or any other arbitrary) extension.
Re: Not currently safe
There are a few spots, I know, but it is still in alpha. Anyways, as long as the user is not allowed to run anything on his own (and he is not), no problems should arise. I'm already working on the next version, which will add lots of logging too.
Not currently safe
I had a look at the source code for version 0.1a and the code currently looks unsafe to use in practice due to a number of potential buffer overflow situations caused by failing to check the length of user input.