disallowing subshell in More
dan at rna.UUCP
dan at rna.UUCP
Wed Feb 13 03:55:00 AEST 1985
x
> Does anyone know of a way to pipe a file to more and disallow a user from
> invoking a subshell while More is running?
>
> Here's the senario, I have a menu that allows certain users to have root
> access to several functions (unjamming the print queue, archiving &
> restoring files, etc). One of the options is to allow the user to get a
> listing of a tape archive to the screen (piped through More) which of course
> allows the user to type a '!sh<return>' and viola! a root shell.
But what's wrong with setuid()'ing before exec'ing more ? That is setuid()
to the original owner, chdir if you must after the fork() but before the exec()
on more.
Or maybe you could chroot() so that /bin/sh wouldn't be found. Just put
more and vi in that directory.
More information about the Comp.unix.wizards
mailing list