How to prevent VI from getting a shell?
Ray Shwake
shwake at raysnec.UUCP
Mon Sep 24 08:17:58 AEST 1990
brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
>In article <77 at raysnec.UUCP> shwake at raysnec.UUCP (Ray Shwake) writes:
>> I suggest that, after predefining SHELL to something innocuous (I use
>> /bin/echo), patch the *set* reference in the binary to something with an
>> embedded space. So far, its proven quite tight. (Of course, if even THIS
>> leaves some obscure weakness, I'm sure someone will point it out to me!)
>The problem is that it completely prevents useful things like :set nu.
Ah, but the whole point of this exercise is to deny one functional
option (access to the shell) with minimal untoward effects. I could, of
course, argue that those who have no business in the shell are not the
sort who should be mucking about with "set" variables, or that those
variables could be pre-set before firing up VI.
Those suggesting non-standard, and unsupported alternatives like
'elvis' or 'pty' patches take us into uncharted territories. Mucking about
with standard ASCII characters like Q, ! and :, and then trying to compensate
for such a kludge is a definite no-no in THIS wizard's environment.
More information about the Comp.unix.questions
mailing list