secure_less.sh - chromiumos/platform/factory_installer - Git at Google

 #!/bin/bash

 # Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.

 # Opens "less" securely as the "nobody" user.  Only piping from stdin
 # is supported (there may be no command line arguments).

 set -e

 if [ $# -ne 0 ]; then
   echo "Usage: secure_less.sh" >& 2
   echo "(no command-line arguments are allowed)" >& 2
   exit 1
 fi

 # Disable EDITOR and SHELL, just in case.  Always use busybox less,
 # since it has no fancy features that could enable exploits.

 # We can switch back to only su if either of these bugs get fixed:
 # https://bugs.debian.org/663200
 # https://bugs.busybox.net/9231
 if sudo -h >/dev/null 2>&1; then
   set -x
   exec sudo -u nobody -s /bin/sh \
     -c "EDITOR=/bin/false SHELL=/bin/false busybox less"
 else
   set -x
   exec su -s /bin/sh \
     -c "EDITOR=/bin/false SHELL=/bin/false busybox less" - nobody
 fi
	#!/bin/bash

	# Copyright (c) 2014 The Chromium OS Authors. All rights reserved.
	# Use of this source code is governed by a BSD-style license that can be
	# found in the LICENSE file.

	# Opens "less" securely as the "nobody" user. Only piping from stdin
	# is supported (there may be no command line arguments).

	set -e

	if [ $# -ne 0 ]; then
	echo "Usage: secure_less.sh" >& 2
	echo "(no command-line arguments are allowed)" >& 2
	exit 1
	fi

	# Disable EDITOR and SHELL, just in case. Always use busybox less,
	# since it has no fancy features that could enable exploits.

	# We can switch back to only su if either of these bugs get fixed:
	# https://bugs.debian.org/663200
	# https://bugs.busybox.net/9231
	if sudo -h >/dev/null 2>&1; then
	set -x
	exec sudo -u nobody -s /bin/sh \
	-c "EDITOR=/bin/false SHELL=/bin/false busybox less"
	else
	set -x
	exec su -s /bin/sh \
	-c "EDITOR=/bin/false SHELL=/bin/false busybox less" - nobody
	fi