Patch to sh(1) that adds denying and logging features (user ID, username, process ID, parent process ID, parent process name, login name). Checks against /etc/sh.deny and if the parent/calling program is listed then execution is halted and logged.
e7f2e3bc323b328a675b4a4435ca103b1eb24ea40133b716e01a44446063df6e