Here's how to stop shell escapes from vi
Martin Weitzel
martin at mwtech.UUCP
Sat Sep 22 21:07:31 AEST 1990
In article <11285:Sep2022:15:2090 at kramden.acf.nyu.edu> brnstnd at kramden.acf.nyu.edu (Dan Bernstein) writes:
Dan> X-Original-Subject: Protecting against downloads
Dan> In article <1990Sep20.153105.28394 at naitc.naitc.com> karl at bbs.naitc.com (Karl Denninger) writes:
> Without source code to "vi" there is NO WAY to prevent this. Believe me.
Dan> How fatalistic.
Dan> It's easy to prevent shell escapes from vi. All you have to do is make
Dan> sure that the : and ! characters aren't accessible from command mode.
Dan> This takes one command:
Dan> % pty -0 tr \:\! \?\? | pty vi
Maybe it's because I don't know exactly what `pty' does or I have missed
a smiley, but
- I can get an ex-promt from command mode also with "Q" and
can type "sh" from there (seems that "Q" should be disabled
as well)
- I can `execute buffers' with the "@" - a less known but very
useful feature (seems "@" would have to be disabled as well)
Dan> Can we stop discussing this problem now? It's solved.
Sure? Maybe there occur still some other possibilities.
--
Martin Weitzel, email: martin at mwtech.UUCP, voice: 49-(0)6151-6 56 83
More information about the Comp.unix.sysv386
mailing list