Re: build an appliance without a shell

[Rodney Thayer <rodney () canola-jones com>]

At 08:03 AM 3/4/2004 -0700, ken_i_m () fatair net wrote:
> On Thu, Mar 04, 2004 at 02:29:41AM -0800, arlen (arlen () hushmail com) wrote:
> > asked the S.E. about shells - does it have one? Is there any way of getting
> > a full interactive shell on this thing?
>
> I was just handed a task yesterday to build a single function "toaster" 
> to be hung outside the firewall on its own public IP.  I have thought 
> about building various appliance in the past so it is not a new idea. 
> Building an OS from the ground up using a linux kernel is not a big 
> deal either.  But after reading the thread from which I took the above 
> quote I am left with "shell == bad" therefore no shell.  ???

Shell == more vulnerable, at a minimum.

If you have stuff that needs to be executed in the box, do it in some
hardened manner.  Run programs to run programs, or at least harden
your scripts.  The main problem is that most of these "overweight
1-U servers running Linux" also have an unreasonanable amount of their
"product" constructed from lashed together shell scripts, which requires
a shell to execute.

_______________________________________________
Dailydave mailing list
Dailydave () lists immunitysec com
http://www.immunitysec.com/mailman/listinfo/dailydave