[Kde-kiosk] [introduction] John Vestrum
Martijn Klingens
kde-kiosk@mail.kde.org
Tue, 19 Mar 2002 09:55:50 +0100
On Tuesday 19 March 2002 10:52, Andreas Pour wrote:
> Make /bin/sh a link to a setguid pre-shell program that denies
> interactive shells and (1) compares scripts to a set of permitted
> scripts, and/or (2) only runs scripts that are owned by root and in some
> configurable PATH (/usr/bin, /bin, /opt/kde2/bin, etc.), and make the
> actual shell only executable by that group (i.e., "chmod o -x
> /bin/real_shell)? Of course the admins would be in this special group
> and so be able to execute shell commands.
>
> Just a thought.
Not very KDE-ish because it requires a lot of Unix shell and prompt fiddling,
but clever nevertheless. (And it requires a hell of a lot of work to setup
properly what commands are 'trusted'.)
Martijn