diff options
author | Joe Rayhawk <jrayhawk@cobain.omgwallhack.org> | 2018-09-23 00:19:02 -0700 |
---|---|---|
committer | Joe Rayhawk <jrayhawk@cobain.omgwallhack.org> | 2018-09-23 00:19:02 -0700 |
commit | 8f2a63b936ddf781c5b591d76108b11579485f39 (patch) | |
tree | 1773ca6e0ccc2b82af67f5579a01a0af735a4510 /pinyadmin | |
parent | 77c04fb8f4eb0f061ac1d652f081f0a038e1803e (diff) | |
download | piny-code-8f2a63b936ddf781c5b591d76108b11579485f39.tar.gz piny-code-8f2a63b936ddf781c5b591d76108b11579485f39.zip |
pinyshell: use zsh and restrict read builtin
Along with rbash careening towards crazytown, rksh has some problematic
behavior around HISTFILE creation that forces us to use zsh. We are
additionally disabling the "read" builtin for extra safety. Other
builtins should maybe also be disabled in the future.
Diffstat (limited to 'pinyadmin')
-rw-r--r-- | pinyadmin/Makefile | 2 | ||||
-rwxr-xr-x | pinyadmin/bin/pinyshell | 4 | ||||
-rw-r--r-- | pinyadmin/debian/control | 2 | ||||
-rw-r--r-- | pinyadmin/zdotdir/zshenv | 1 |
4 files changed, 7 insertions, 2 deletions
diff --git a/pinyadmin/Makefile b/pinyadmin/Makefile index 2f679e7..d49547c 100644 --- a/pinyadmin/Makefile +++ b/pinyadmin/Makefile @@ -6,6 +6,8 @@ install: install -o root -g root -m 755 -d $(DESTDIR)/usr/bin $(DESTDIR)/usr/sbin install -o root -g root -m 755 bin/* $(DESTDIR)/usr/bin install -o root -g root -m 755 sbin/* $(DESTDIR)/usr/sbin + mkdir -p $(DESTDIR)/usr/share/piny/zdotdir + install -o root -g root -m 755 zdotdir/zshenv $(DESTDIR)/usr/share/piny/zdotdir clean: rm -rf man diff --git a/pinyadmin/bin/pinyshell b/pinyadmin/bin/pinyshell index 2cfc3cf..9a63b14 100755 --- a/pinyadmin/bin/pinyshell +++ b/pinyadmin/bin/pinyshell @@ -3,4 +3,6 @@ cd /srv/rbin umask 0022 export PATH=/srv/rbin -exec /bin/ksh -r "$@" + +export ZDOTDIR=/usr/share/piny/zdotdir +exec /bin/zsh-static -r "$@" diff --git a/pinyadmin/debian/control b/pinyadmin/debian/control index 93122fc..7e2df32 100644 --- a/pinyadmin/debian/control +++ b/pinyadmin/debian/control @@ -8,7 +8,7 @@ Standards-version: 3.9.1 Package: pinyadmin Architecture: all -Depends: ${perl:Depends}, ${misc:Depends}, libpiny-perl (>= 0.14), libgetopt-tabular-perl, moreutils, ksh +Depends: ${perl:Depends}, ${misc:Depends}, libpiny-perl (>= 0.14), libgetopt-tabular-perl, moreutils, zsh-static Description: Administrative programs for piny The command-line programs for day-to-day administrative tasks in the Piny infrastructure. diff --git a/pinyadmin/zdotdir/zshenv b/pinyadmin/zdotdir/zshenv new file mode 100644 index 0000000..a8924af --- /dev/null +++ b/pinyadmin/zdotdir/zshenv @@ -0,0 +1 @@ +disable read |