How to prevent VI from getting a shell?
Bernd Felsche
bernie at DIALix.UUCP
Sat Sep 15 18:43:35 AEST 1990
In article <501 at trux.UUCP> car at trux.UUCP (Chris Rende) writes:
>If I want to give someone access to VI and yet deny them access to a shell,
>how do I prevent the user from using VI's "<ESC>:!" command?
>
>I have an application program which launches VI. I don't want the user to
>be able to get to a shell from VI. (I also don't want the user to be able
>to launch other commands from VI. I.e., No :!pwd, or !!sort, etc...).
set SHELL in the environment to something which doest nothing, say
/bin/true. vi forks-execs whatever SHELL is defined to be, or the
shell if undefined.
Many applications allow SHELL escapes, and cause security holes
because they don't set the real user id before they shell-off. Some
time ago I wrote a shell-wrapper which did the right thing before
allowing the user a real shell. The application program also
required a wrapper to set SHELL to the shell-wrapper.
bernie
More information about the Comp.unix.questions
mailing list