# escape shell-restricted user from its env



## _martin (Feb 5, 2016)

Hi, 

It's about my report: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=206946

I was told by "somebody" that this is probably not much of a concern for many and it's not taken too seriously. I guess it's not. Usually if you want to restrict a user you jail him either completely or chroot with an option in sshd_config(5).

But still you may have access to specific devices (e.g. switches) where for some reason you didn't get root access or the vendor is locking you up. This way you can probably look around.

I reported this to Brocade as this is primarily where I found a way around it. Works perfectly on FreeBSD (rbash as a restricted shell), OpenBSD (rksh, MANPATH to be set to "/bin/csh -c /bin/csh") and Solaris 10 (didn't have a chance to check on Solaris 11 yet). It seems the guys in OpenIndiana paid a bit more attention, as it is not working (or I didn't try hard enough).
Works on every Linux I tried too (including vendor-specific ones like HMC from IBM).

Bug reports were submitted to Brocade, FreeBSD and OpenBSD.


----------

