Untrusted environment: Difference between revisions
=={{header|UNIX Shell}}==
=== Enclose variable references in double quotes ===
Variable references should be enclosed in double quotes. An unquoted reference that expands to an empty string is omitted during evaluation, which can cause an error:
<lang sh># num=`expr $num + 1` # This may error if num is an empty string
num=`expr "$num" + 1` # The quotes are an improvement</lang>
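The following is an added example, not part of the original page. It goes slightly beyond the empty-string case to show that an unquoted value is also split into words, so it can supply extra operands to expr, and that quoting plus a digit check closes both gaps. The function names (incr_unquoted, incr_quoted, safe_incr) and the sample values are constructed for illustration.

```sh
#!/bin/sh
# Added example: incrementing a counter whose value comes from an untrusted source.
# Function names and sample values are constructed for illustration.

# Unquoted, as in the page's commented-out line: the shell splits the value
# into words before expr runs, so the value can supply extra operands.
incr_unquoted() {
    expr $1 + 1
}

# Quoted: the value always reaches expr as exactly one argument.
incr_quoted() {
    expr "$1" + 1
}

# Quoted and validated: accept only a non-empty string of ASCII digits.
safe_incr() {
    case "$1" in
        ''|*[!0-9]*)
            printf 'safe_incr: rejected non-numeric value\n' >&2
            return 2
            ;;
    esac
    expr "$1" + 1
}

# Constructed inputs: normal value, empty string, injected expression, trailing junk.
for value in 41 '' '2 + 40' '12abc'; do
    if out=$(safe_incr "$value" 2>/dev/null); then
        printf 'safe_incr [%s] -> %s\n' "$value" "$out"
    else
        printf 'safe_incr [%s] -> rejected\n' "$value"
    fi
done
printf 'unquoted  [2 + 40] -> %s\n' "$(incr_unquoted '2 + 40')"
```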
=== Do not allow users to run programs that can launch a new shell ===
Traditional Unix provides a restricted mode shell (rsh) that does not allow the following operations:
* changing directory
* specifying absolute pathnames or names containing a slash
* setting the PATH or SHELL variable
* redirection of output
However, the restricted shell is not completely secure. A user can break out of the restricted environment by running a program that provides a shell escape feature. The following example uses the shell feature in vi to escape from the restricted shell:
<lang vi>vi
:set shell=/bin/sh
:shell</lang>
=== Use a chroot jail ===
Sometimes chroot jails are used to add a layer of security to
<lang bash>mkdir ~/jail</lang>