Iron Bars SHell

Iron Bars SHell (ibsh) is a restricted Unix shell. The user cannot step out of the home directory, nor access files outside it. Two ASCII configuration files provide further control. The system administrator can define which commands the user may execute; no other executables are allowed. The admin can also define what kinds of files the user may create. If a file has a certain extension (such as .mp3, .c, etc.), ibsh automatically erases it.

Recent releases

  •  03 Jun 2005 20:32

    Release Notes: A buffer overflow and 2 string bugs were fixed.

  •  23 May 2005 12:31

    Release Notes: A format string vulnerability in a syslog call was fixed. This vulnerability could have allowed users to access files outside the home directory.

  •  15 May 2005 11:18

    Release Notes: Two segfaults, caused by non-US characters and empty files, were fixed. Ctrl-Z is now ignored, and sample XTNL config files were added for help.

  •  12 May 2005 18:18

    Release Notes: Major bugfixes in the Makefile and the code. The messages about removing rights on illegal files are removed.

  •  08 Apr 2005 02:23

    Release Notes: In this release, the admin has the opportunity to create a separate cmds file for each user. This way the sysadmin has complete control over sensitive applications, which should only be allowed to a selected few. The admin also has the opportunity to create a separate xtns file for each user. The extensions policy has been changed: both globals.xtns and the user extension files now list the extensions that are _allowed_! While the code that searches for illegal/dangerous material stored in user space is back, it will not erase any files any more. Instead, it will remove all rights from that file, so it cannot be executed or read. This is another "defense line" to stop the user from executing programs stored in user space. Access to all Linux binaries and source code files stored in user space is now blocked. The absolute path for restricted users cannot be longer than 255 characters. All files whose full path is longer will be renamed. There are also minor bugfixes.

Recent comments

25 Mar 2005 10:36 nagyat

Re: Extensions
It is not to prevent the user from doing anything. It is against the user using his/her shell account to store warez, mp3z, etc. It is also not a complete protection of course. But certainly better than doing it manually for every user.
I could imagine some code checking on files for size, content, first couple of bytes, etc. to provide better protection against illegal repositories.

25 Mar 2005 10:24 mpComplete

Disallowing files by extension doesn't really prevent the user from doing anything. I can easily save an .mp3 with a .innocent (or any other arbitrary) extension.

25 Mar 2005 10:00 nagyat

Re: Not currently safe
There are a few spots, I know, but it is still in alpha. Anyways, as long as the user is not allowed to run anything on his own (and he is not), no problems should arise. I'm already working on the next version, which will add lots of logging too.

25 Mar 2005 08:55 ImranGhory

Not currently safe
I had a look at the source code for version 0.1a and the code currently looks unsafe to use in practice due to a number of potential buffer overflow situations caused by failing to check the length of user input.

