0

I am writing a web application in which users are able to execute git, bzr, and hg commands on the server. Basically, a user writes the git/bzr/hg command into an HTML form, hits a button, the command is sent to the server, and executed in the directory the user owns.

How can I make this secure? I need to be able to execute a bash command which can only access and change one specific directory. And preferably, the directory in which the command is executed should not contain additional files. I think this is necessary for chroot.

David Graf
  • ssh will help a lot, but how easy this will be to implement depends on your setup. What have you tried so far? – Memos Electron Oct 29 '12 at 13:53
  • Chroot sounds like the way to go. If you can't use that, you must parse the command yourself and then rebuild a safe version before passing it on to the shell. – amaurea Oct 29 '12 at 14:03

1 Answer

0

As always with user input, check it before passing it further to any command.

  • Is it a valid git/bzr/hg subcommand?
  • Are there semicolons with additional unrelated commands?
  • ...

You can try running the commands in a restricted shell (bash -r), which prevents a few things.

The safer, though more complex, solution is of course a chroot or, even better, a virtual machine.

Olaf Dietsche
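The checks listed in the answer above, as an added example that is not part of the original answer: the submitted line is tokenized, matched against an allowlist of tools and subcommands, checked for arguments that leave the user's directory, and then run as an argument list so that no shell ever interprets it. The allowlist contents and the names `build_argv`, `run_for_user` and `RejectedCommand` are assumptions made for illustration.

```python
import shlex
import subprocess
from pathlib import Path

# Assumed allowlist for this example; choose the subcommands your users really need.
ALLOWED = {
    "git": {"status", "log", "diff", "add", "commit", "branch"},
    "hg": {"status", "log", "diff", "add", "commit"},
    "bzr": {"status", "log", "diff", "add", "commit"},
}


class RejectedCommand(ValueError):
    """Raised when the submitted command line fails validation."""


def build_argv(command_line, workdir):
    """Return a vetted argv list for the given form input, or raise RejectedCommand."""
    if "\x00" in command_line:
        raise RejectedCommand("NUL byte in input")
    try:
        argv = shlex.split(command_line)  # tokenizes only; nothing is expanded or run
    except ValueError as exc:  # e.g. unbalanced quotes
        raise RejectedCommand(str(exc)) from exc
    if len(argv) < 2 or argv[0] not in ALLOWED:
        raise RejectedCommand("expected: git|bzr|hg <subcommand> ...")
    # argv[1] must be the subcommand itself, so global options placed before it are refused.
    if argv[1] not in ALLOWED[argv[0]]:
        raise RejectedCommand("subcommand not allowed: " + argv[1])
    root = Path(workdir).resolve()
    for arg in argv[2:]:
        # Check the value part of --option=value as well as plain arguments.
        value = arg.split("=", 1)[1] if arg.startswith("-") and "=" in arg else arg
        target = (root / value).resolve()
        if target != root and root not in target.parents:
            raise RejectedCommand("argument leaves the user directory: " + arg)
    return argv


def run_for_user(command_line, workdir):
    """Validate the input, then execute it inside workdir without a shell."""
    argv = build_argv(command_line, workdir)
    # A list with the default shell=False: ';' and '&&' reach the tool as literal text.
    return subprocess.run(argv, cwd=workdir, capture_output=True, text=True, timeout=30)
```

This covers only the input check; limiting what an allowed subcommand can do once it runs is still the job of the chroot or virtual machine mentioned in the answer.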