Using UUCP under a BBS system???

[Brad Morrison]

In article <1990Feb13.214855.4265 at ddsw1.MCS.COM> karl at mcs.MCS.COM (Karl Denninger) writes:

>The second is the killer.  Let's say you don't want people getting to the
>shell, for whatever reason.  Here's a partial list of what you can't let
>them execute (even internally as a pager or mailer):
>	vi and friends (ex, view, etc)
>	more
>	mail
>	pg
>	most other editors
>	anything with a shell escape, or anything which can chain to an editor

>Why?  Well, you'd think that "SHELL=/bin/true;export SHELL" would protect
>you from the vi ":!".  It won't.  Try ":set shell ...." sometime inside vi,
>then a ":!...." and you'll be suitably shocked.

>The same problem exists with "more"; it can chain to "vi", and from there....

>There is no way to protect from this without source code to those utilities.
>Even if you "rsh" people they can screw you using this method.  Every scheme 
>we've tried (other than removing the shell from the system!) I've been able 
>to penetrate within a few minutes; "rsh" environments included.  Only a
>"chroot" environment provides reasonable safety.

What about having a wrapper around the real shells that only execs the
real one if the user id is below some threshold?  Then give your restricted
users IDs above the threshold.
--