How to prevent VI from getting a shell?
Dan Bernstein
brnstnd at kramden.acf.nyu.edu
Tue Sep 18 21:57:46 AEST 1990
In article <1990Sep17.210110.26060 at robobar.co.uk> ronald at robobar.co.uk (Ronald S H Khoo) writes:
> I got around the problem by binary patching out the call to fork() in
> vi. Ugh. Also, I never found a way to defeat letting the user read and
> write files other than the current file. Any offers ?
A slightly brutish but correct solution is illustrated in the pty
package. You simply convert exclamation points, colons, and other
dangerous characters into something dull like a question mark.
% pty -0 tr \!: \?\? | pty vi
The only problem is that the user can't even type ! or : any more!
To kludge around this, convert ! into <esc>a! and : into <esc>a:.
You should also provide macros (not using ! or :) to allow whatever
restricted : commands the user might reasonably want.
This does, however, solve the stated problem.
(Be sure to disable keyboard interrupts, by the way.)
---Dan
More information about the Comp.unix.questions
mailing list