Here's how to stop shell escapes from vi
Ronald S H Khoo
ronald at robobar.co.uk
Sat Sep 29 08:47:54 AEST 1990
ant at brolga.cc.uq.oz.au (Anthony Murdoch) writes:
> If you change SHELL to something and then make vi unreadable then surely that
> makes it secure enough for you (unless of course you don't want to allow root
> to have a shell ;-)
NO! Security through obscurity doesn't work. Just leave the normal copy
of vi alone, and put the hacked copy of vi into your secure chrooted area.
Oh, and *don't* call the copy "vi" -- sysadmins might get confused and
link the original one back into the was-secure area, and anyway you
don't want to accidentally invoke it -- it gets VERY annoying when *you*
can't shell escape.
--
ronald at robobar.co.uk | +44 81 991 1142 (O) | +44 71 229 7741 (H) | YELL!
"Nothing sucks like a VAX" -- confirmed after recent radiator burst!
Hit 'R' <RETURN> to continue .....
More information about the Comp.unix.sysv386
mailing list