disallowing subshell in More

jack at boring.UUCP jack at boring.UUCP
Tue Feb 12 23:27:59 AEST 1985


I thought I'd throw in my 10 cents worth :
Setting $SHELL is *NOT* going to work.

I remember using a games account, with SHELL set to something
funny. The way to get a shell was the following :
- Run a game that gave help.
- Ask for the helpfile (which was, of course, given to more)
- Startup 'vi' with the v command.
- do a ':set shell=/bin/sh'
- Type ':sh'
Et voila........

If you *really* want to make more secure, you should either use
chroot() to move the superuser off into the void (preferably
into a directory that cannot be reached by normal users),
or get rid of superuser permissions as soon as possible, e.g.
after opening all the files you need, do a fork(), a setuid(),
and then do with the files whatever you want.
-- 
	Jack Jansen, {decvax|philabs|seismo}!mcvax!jack
Notice new, improved, faster address         ^^^^^



More information about the Comp.unix.wizards mailing list