summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoe Rayhawk <jrayhawk@cobain.omgwallhack.org>2018-09-23 00:19:02 -0700
committerJoe Rayhawk <jrayhawk@cobain.omgwallhack.org>2018-09-23 00:19:02 -0700
commit8f2a63b936ddf781c5b591d76108b11579485f39 (patch)
tree1773ca6e0ccc2b82af67f5579a01a0af735a4510
parent77c04fb8f4eb0f061ac1d652f081f0a038e1803e (diff)
downloadpiny-code-8f2a63b936ddf781c5b591d76108b11579485f39.tar.gz
piny-code-8f2a63b936ddf781c5b591d76108b11579485f39.zip
pinyshell: use zsh and restrict read builtin
Along with rbash careening towards crazytown, rksh has some problematic behavior around HISTFILE creation that forces us to use zsh. We are additionally disabling the "read" builtin for extra safety. Other builtins should maybe also be disabled in the future.
-rw-r--r--pinyadmin/Makefile2
-rwxr-xr-xpinyadmin/bin/pinyshell4
-rw-r--r--pinyadmin/debian/control2
-rw-r--r--pinyadmin/zdotdir/zshenv1
4 files changed, 7 insertions, 2 deletions
diff --git a/pinyadmin/Makefile b/pinyadmin/Makefile
index 2f679e7..d49547c 100644
--- a/pinyadmin/Makefile
+++ b/pinyadmin/Makefile
@@ -6,6 +6,8 @@ install:
install -o root -g root -m 755 -d $(DESTDIR)/usr/bin $(DESTDIR)/usr/sbin
install -o root -g root -m 755 bin/* $(DESTDIR)/usr/bin
install -o root -g root -m 755 sbin/* $(DESTDIR)/usr/sbin
+ mkdir -p $(DESTDIR)/usr/share/piny/zdotdir
+ install -o root -g root -m 755 zdotdir/zshenv $(DESTDIR)/usr/share/piny/zdotdir
clean:
rm -rf man
diff --git a/pinyadmin/bin/pinyshell b/pinyadmin/bin/pinyshell
index 2cfc3cf..9a63b14 100755
--- a/pinyadmin/bin/pinyshell
+++ b/pinyadmin/bin/pinyshell
@@ -3,4 +3,6 @@ cd /srv/rbin
umask 0022
export PATH=/srv/rbin
-exec /bin/ksh -r "$@"
+
+export ZDOTDIR=/usr/share/piny/zdotdir
+exec /bin/zsh-static -r "$@"
diff --git a/pinyadmin/debian/control b/pinyadmin/debian/control
index 93122fc..7e2df32 100644
--- a/pinyadmin/debian/control
+++ b/pinyadmin/debian/control
@@ -8,7 +8,7 @@ Standards-version: 3.9.1
Package: pinyadmin
Architecture: all
-Depends: ${perl:Depends}, ${misc:Depends}, libpiny-perl (>= 0.14), libgetopt-tabular-perl, moreutils, ksh
+Depends: ${perl:Depends}, ${misc:Depends}, libpiny-perl (>= 0.14), libgetopt-tabular-perl, moreutils, zsh-static
Description: Administrative programs for piny
The command-line programs for day-to-day administrative tasks in the Piny
infrastructure.
diff --git a/pinyadmin/zdotdir/zshenv b/pinyadmin/zdotdir/zshenv
new file mode 100644
index 0000000..a8924af
--- /dev/null
+++ b/pinyadmin/zdotdir/zshenv
@@ -0,0 +1 @@
+disable read