Commit f5fca598 authored by Robert Ricci's avatar Robert Ricci

Initial checkin of paperbag and paperwrapper, restricted shell and wrapper

that calls that shell, which together allow users to run programs on paper from
plastic.
parent f43bfce3
#!/usr/bin/perl -wT
# paperbag - Limited shell for use on ops.emulab.net
# Allows execution of commands found in a permitted list
# Also checks arguments for potentially dangerous characters (semicolons,
# pipes, redirects, etc)
# Robert Ricci, <ricci@cs.utah.edu>
# Novemeber 17, 2000
# TODO:
# Turn off coredumps in ourself, and our children
# Check to make sure only files/directories under user's $HOME can be
# passed as arguments, CD'ed to, etc
# Some kind of readline support?
# List of allowed commands - Mapping is from command entered by the user
# to the actual binary to run
$tb = "/usr/testbed/bin";
%allowed = ( "nalloc" => "$tb/nalloc",
"nfree" => "$tb/nfree",
"avail" => "$tb/avail",
# Here for testing - REMOVE LATER
"ls" => "/bin/ls");
# Since look up commands in the above, hash, we don't need a path..
$ENV{PATH} = "";
# Clean the environment of potentially nasty variables
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
$prompt = "paperbag> "; # Prompt for interactive commands
# Following message gets displayed to interactive users
$message = "This is a restricted shell, and will only allow you to run
a limited set of commands. For an unrestrictive shell, log into
ops.emulab.net\n";
$debug = 1;
$| = 1; # No line buffering, so that we can see the prompt
# Check for a leading dir= option, which tells us which directory to start from
if (@ARGV && ($ARGV[0] =~ /dir=(.*)/)) {
shift @ARGV;
&cd($1); # Change to given directory
}
if (@ARGV) { # We were given command line arguments
$interactive = 0;
$command = $ARGV[0];
@args = @ARGV[1 .. $#ARGV];
} else {
$interactive = 1;
}
if ($interactive) {
print $message;
}
do {{
if ($interactive) {
print $prompt;
($command, @args) = split /\s+/,<>;
}
# Don't allow any naughty characters - kick the user off if they try
foreach $string ($command, @args) {
if ($string !~ m|^([A-Za-z0-9._\-/]*)$|) {
print "Sorry, you used a forbidden character\n";
exit(-1);
} else {
$string = $1; # Untaint
&debug("No forbidden characters\n");
}
}
next unless $command; # Don't complain if they leave a blank command
# Strip off all path information from the command
$command =~ /([^\/]+)$/; $command = $1;
next unless $command; # Don't complain if they leave a blank command
&debug("Command = $command, @args = " . join ",",@args . "\n");
# 'builtin' commands
if ($command eq "exit") { $interactive = 0; last; } # Quit loop
if ($command eq "cd") {
if (@args > 1) {
print "cd: Too many arguments\n";
} else {
&cd($args[0]);
}
next;
}
if (!$allowed{$command}) {
print "$command is not in the allowed list, sorry\n";
} else {
# Exec ourselves to be SURE that a shell doesn't get called
# and do something insecure
my $pid = fork();
if ($pid == -1) { # fork failed
print "Unable to fork process - Error number $?\n";
} elsif ($pid) { # parent - wait for child to exit
wait;
} else { # child process
exec ($allowed{$command},@args) or
die "Unable to execute $command: $?\n";
}
}
}} while ($interactive);
# Change directory to the given directory, (TODO) checking whether
# it is appropriate to do so or not
sub cd {
my $dirname = shift;
chdir $dirname or print "Unable to change directories to $dirname\n";
}
sub debug {
if ($debug) { print @_; }
}
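Review bot: Reaching end-of-file on the interactive read `($command, @args) = split /\s+/,<>;` never leaves the loop: `<>` returns undef, `$command` ends up empty, `next unless $command` fires, and `while ($interactive)` is still true, so a session whose stdin closes (ssh without a tty, a dropped connection) spins forever printing the prompt on the ops host. Because `last` inside `do {{ ... }} while` only exits the bare block, the exit has to go through `$interactive` exactly as the `exit` builtin does, and reading `<STDIN>` instead of the magic `<>` handle also rules out ever opening a file named in `@ARGV`: `my $line = <STDIN>;` / `if (!defined $line) { $interactive = 0; last; }` / `($command, @args) = split /\s+/, $line;`. Separately, the `dir=` value handled before the loop is handed to `chdir` without going through the forbidden-character filter, and the `(.*)` capture untaints it wholesale; the TODO at the top already flags restricting it to `$HOME`, so at minimum run it through the same character class as the other arguments.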
#!/usr/bin/perl
# Location of ssh program
$ssh = "/usr/local/bin/ssh";
# Location of ssh-add program
$add = "/usr/local/bin/ssh-add";
# Remote host to connect to
$host = "plastic.cs.utah.edu";
# Make sure they're running ssh-agent
if (!$ENV{SSH_AGENT_PID}) {
print "You should be running ssh-agent - To start it, run:\n";
print "eval `/usr/local/bin/ssh-agent`\n";
print "It would be a good idea to add this to your ~/.login file\n";
}
# FIXME: Maybe there's a better way to check for this?
if (!`$add -l | grep -v "no identities"`) {
system $add;
}
# Current working directory:
$cwd = $ENV{PWD};
# Now, do the magic
print "$ssh $host /home/ricci/paperbag dir=$cwd $0 @ARGV";
system "$ssh $host '/home/ricci/paperbag dir=$cwd $0 @ARGV'";
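Review bot: The final `system "$ssh $host '/home/ricci/paperbag dir=$cwd $0 @ARGV'"` interpolates `$cwd`, `$0` and the user's arguments into one string that is parsed by the local `/bin/sh -c` and then again by the remote login shell, so a directory or argument containing a space, a quote or `$` is re-split or escapes the single quotes; the character filter paperbag applies on the far end does nothing for what the wrapper itself sends. Validate with the character class paperbag accepts and call `system` in list form so the local shell is never involved; the remote shell still sees the command, but only characters it cannot interpret. The `print` on the preceding line looks like leftover debugging and echoes the full command on every run, so drop it or guard it. `$ENV{PWD}` is also under the caller's control and can be stale, so `Cwd::getcwd()` would be the more reliable source for the `dir=` value.
```perl
# … unchanged: ssh-agent / ssh-add checks, $cwd …
# Only the characters paperbag itself accepts; anything else would need
# quoting for two shells (local sh -c and the remote login shell), so refuse it.
foreach my $arg ($cwd, $0, @ARGV) {
    if ($arg !~ m|^[A-Za-z0-9._\-/]*$|) {
        die "paperwrapper: forbidden character in argument '$arg'\n";
    }
}
my $remote = join ' ', '/home/ricci/paperbag', "dir=$cwd", $0, @ARGV;
# List-form system() bypasses the local shell; the remote command is a single
# argument to ssh, which passes it to the remote login shell unchanged.
system($ssh, $host, $remote) == 0
    or die "paperwrapper: ssh to $host failed: $?\n";
```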