Mar 14, 2012
Important note: lshell version 0.9.15 contains a serious bug that has been corrected in lshell-0.9.15.1. Please refrain from using previous versions.
I have just released a new version of lshell.
This release includes many new features and corrects many bugs and one major security bug.
Here is the complete changelog:
=== v0.9.15.1 15/03/2012 === * Corrected security bug allowing user to get out of the restricted shell. Thank you bui from NBS System for reporting this grave issue! === v0.9.15 13/03/2012 === * Set the hostname to the "short hostname" in the prompt. * Corrected traceback when "sudo" command was entered alone. Thank you Kiran Reddy for reporting this. * Added support for python2.3 as subprocess is not included by default. * Corrected the 'strict' behavior when entering a forbidden path. * Added short path promp support using the 'prompt_short' variable. * Corrected stacktrace when group did not exist. * Add support for empty prompt. * Fixed bugs when using $() and ``. * Corrected strict behavior to apply to forbidden path. * Added support for wildcard '*' when using 'cd'. * Added support for "cd -" to return to previous directory. * Updated security issue with non printable characters permitting user to get out of the limited shell. * Now lshell automatically reload its configuration if the configuration file is modified. * Added possibility to have no "intro" when user logs in. (by setting the intro configuration field to "") * Corrected multiple commands over ssh, and aliases interpretation. * Added possibility to use wildcards in path definitions. * Finally corrected the alias replacement loop.
To download lshell please refer to the wiki here.