On Fri, 2002-02-01 at 21:11, Peter Eisentraut wrote:
> You could start the psql program with SHELL=/bin/false in the environment.
I just experimented with that; it doesn't stop you doing "\! sh". Do we
need a psql equivalent of rbash (restricted Bash shell)?
You will probably have to run psql in a severely restricted chroot
environment; or tweak the code of psql to eliminate the various
loopholes (\!, \g, \o).
Perhaps instead you should look into IP-tunnelling into the PostgreSQL
server through ssh. I think your aim should be not to run psql on the
server at all.
--
Oliver Elphick Oliver.Elphick@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C
"And be not conformed to this world; but be ye transformed by the renewing of your mind, that ye may
provewhat is that good, and acceptable, and perfect, will of God." Romans 12:2
