How to prevent VI from getting a shell?
Bernd Felsche
bernie at DIALix.UUCP
Sat Sep 22 01:55:46 AEST 1990
Well, so much for my suggestion about setting SHELL=/bin/true.
My suggestion was made on the spur of the moment, without
consideration for the :set shell=/bin/wizard feature.
Mind you, the SHELL trick does make it inconvenient, if not
impossible for casual users (Who knew about "set shell=" before
following this thread of discussion?)
I was not under the impression that a _secure_ environment was
required. As Dominic Dunlop of TSA points out, vi with all the
shell escape stuff disable is of limited use (IMHO:stuffed)
There are many unix editors with source code in the public domain or
available at no charge. Any of these could be knobbled to prevent
all but rudimentary editing. In the mean time, why not use cat?
:-)
In the case of a "secure" environment, users would be operating in a
chroot environment anyway... with a limited subset of commands...
only able to harm themselves.
bernie
More information about the Comp.unix.questions
mailing list