Thread: The " \! " and " \l " commands

The " \! " and " \l " commands

From
"Suporte"
Date:
Hi all,
 
Does anyone know how to disable the " \! " and " \l " commands ?
 
I´m using PostgreSql 7.1 on a Solaris 7.
 
The case is:
 
Users connect on another solaris through SSH with a shell developed by me in perl, and connect to the PGSQL_SERVER through psql. The problem is: when the user is on the PGSQL PROMPT and he types " \! /bin/sh ", he gets the /bin/sh on the server.
 
 
 
Here´s the shell :
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
#!/usr/bin/perl
#------------------------------------------------------------------------------
#                               Variaveis
#------------------------------------------------------------------------------
 
$mainmenu = '/usr/local/etc/wwrent/ssh_menu.txt';
$mysql_user_table = '/usr/local/etc/wwrent/mysql_users.txt';
$pgsql_user_table = '/usr/local/etc/wwrent/pgsql_users.txt';
$sendmail_dir = '/etc/mail';
$val_dominio = '/usr/local/etc/wwrent/ssh_users.txt';
$ENV{'SHELL'} = "/usr/local/bin/shell.pl";
 
#------------------------------------------------------------------------------
 
$myself = getlogin || getpwuid($<) || "nobody";
chop($mydir  = `pwd`);
main_loop();
 

#------------------------------------------------------------------------------
#                               Sub-rotinas
#------------------------------------------------------------------------------
 
sub main_loop{
   while (true){
        system("clear");
        print_menu($mainmenu);
        chop($opcao = <STDIN>);
        $opcao =~ tr/0-9/ /cs;
        $opcao =~ s/ //g;
        if (!opcao_valida($opcao)){
                print "Você escolheu uma opção inválida!\n";
                get_enter();
        }elsif ($opcao == 1){
                $mysql_user = get_mysql_user($myself);
                system "/usr/local/mysql/bin/mysql -h172.17.0.5 -u $mysql_user -p";
        }elsif ($opcao == 2){
                pgsql_loop();
        }elsif ($opcao == 3){
                system "/usr/local/bin/pine -i";
        }elsif ($opcao == 4){
                system "/bin/passwd";
                get_enter();
        }elsif ($opcao == 5){
                system "/usr/ucb/quota -v";
                get_enter();
        }elsif ($opcao == 6){
                exit;
        }else{
                print "Você escolheu a opção $opcao\n";
                get_enter();
        }
   }
}
 
sub print_menu{
        $menufile = shift;
        if (-e "$menufile"){
                open(in, "$menufile");
                for $line (<in>){
                        print "$line";
                }
        }else{
                print "Arquivo $menufile não encontrado\n";
        }
        print "Escolha uma das opções acima ---> ";
}
 
sub get_enter(){
        print "+-----------------------------------------------------------+\n";
        print "|                APERTE ENTER PARA CONTINUAR                |\n";
        print "+-----------------------------------------------------------+\n";
        chop($lixo = <STDIN>);
}
 
sub opcao_valida{
        $oque = shift;
        if (
            $oque == 1 ||
            $oque == 2 ||
            $oque == 3 ||
            $oque == 4 ||
            $oque == 5 ||
            $oque == 6
            )
        {
                return 1;
        }else{
                return 0;
        }
}
 
sub get_mysql_user{
        my($login) = shift;
        my(@lines) = `cat $mysql_user_table`;
        my($line,$unixl,$sqll);
        for $line (@lines){
                chop($line);
                ($unixl,$sqll) = split(/:/,$line);
                if ($unixl eq $login){
                        return $sqll;
                }
        }
        return $login;
}
 
sub get_pgsql_user{
        my($login) = shift;
        my(@lines) = `cat $pgsql_user_table`;
        my($line,$unixl,$sqll);
        for $line (@lines){
                chop($line);
                ($unixl,$sqll) = split(/:/,$line);
                if ($unixl eq $login){
                        return $sqll;
                }
        }
        return $login;
}
 
sub get_filename{
        my($filename);
        while (true){
                print "Digite o nome do arquivo: ";
                chop($filename = <STDIN>);
                if (!$filename){
                        return 0;
                }
                $first1 = substr($filename,0,1);
                $filename =~ tr/\./\./s;
                if ($first1 eq '/'){
                        print "O nome do arquivo não pode começar com /\n";
                }elsif (-e "$filename"){
                        return $filename;
                }else{
                        print "Arquivo $filename não encontrado\n";
                        print "Deseja criar esse arquivo? (s/n) ";
                        chop($resp = <STDIN>);
                        if ($resp eq 's' || $resp eq 'S'){
                                return $filename;
                        }
                }
        }
}
 
sub pgsql_loop{
        $pgsql_user = get_pgsql_user($myself);
        while(true){
                system "clear";
                $ENV{'PATH'} = "$ENV{'PATH'}:/usr/local/pgsql/bin";
                $ENV{'LD_LIBRARY_PATH'} = "$ENV{'LD_LIBRARY_PATH'}:/usr/local/pgsql/lib";
                print "Escolha a opção desejada: \n";
                print "\t1 - Executar o cliente psql\n";
                print "\t2 - Sair\n";
                print "\tSua Escolha--->";
                chop($resp = <STDIN>);
                if ($resp == 1){
                        print "\tDigite o nome da base de dados: ";
                        chop($bd = <STDIN>);
                        system "psql -h PGSQL_SERVER -U $pgsql_user $bd";
                }elsif ($resp == 2){
                        return;
                }
                get_enter();
        }
}
 
 
 
sub user_exists{
        my($login) = shift;
        my(@possible) = `grep $login:x /etc/passwd | cut -d: -f1`;
        for $pos (@possible){
                chop($pos);
                if ($pos eq $login){
                        return 1;
                }
        }
        return 0;
}
#--------------- End ---------------
 
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
 
Daniel Henrique Cassela
Support Analist - WWRent
cassela@wwrent.com.br
ICQ - 93631946
 

Re: The " \! " and " \l " commands

From
Peter Eisentraut
Date:
Suporte writes:

> Does anyone know how to disable the " \! " and " \l " commands ?

For outright disablement, you edit the file src/bin/psql/commands.c,
remove the portions that deal with these commands, and rebuild.

But...

> Users connect on another solaris through SSH with a shell developed by
> me in perl, and connect to the PGSQL_SERVER through psql. The problem
> is: when the user is on the PGSQL PROMPT and he types " \! /bin/sh ",
> he gets the /bin/sh on the server.

You could start the psql program with SHELL=/bin/false in the environment.

(I don't see what your situation has to do with \l.)

-- 
Peter Eisentraut   peter_e@gmx.net



Re: The " \! " and " \l " commands

From
Oliver Elphick
Date:
On Fri, 2002-02-01 at 21:11, Peter Eisentraut wrote:

> You could start the psql program with SHELL=/bin/false in the environment.

I just experimented with that; it doesn't stop you doing "\! sh". Do we
need a psql equivalent of rbash (restricted Bash shell)?
You will probably have to run psql in a severely restricted chroot
environment; or tweak the code of psql to eliminate the various
loopholes (\!, \g, \o).

Perhaps instead you should look into IP-tunnelling into the PostgreSQL
server through ssh.  I think your aim should be not to run psql on the
server at all.

--
Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight                              http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C
    "And be not conformed to this world; but be ye       transformed by the renewing of your mind, that ye may
provewhat is that good, and acceptable, and perfect,      will of God."             Romans 12:2  

Re: The " \! " and " \l " commands

From
Tom Lane
Date:
Oliver Elphick <olly@lfix.co.uk> writes:
> Perhaps instead you should look into IP-tunnelling into the PostgreSQL
> server through ssh.  I think your aim should be not to run psql on the
> server at all.

I agree.  psql is meant to be run by the user, ie with end-user
permissions.  Trying to force it to be secure is swimming against
the tide.  Run it on the client side with the client's permissions,
or don't use it at all (there are plenty of alternatives...)
        regards, tom lane