Here's how to stop shell escapes from vi

Wayne Schlitt wayne at dsndata.uucp
Thu Sep 27 21:36:33 AEST 1990


In article <PA06YE4 at xds13.ferranti.com> peter at ficc.ferranti.com (Peter da Silva) writes:
> In article <1990Sep20.153105.28394 at naitc.naitc.com> karl at bbs.naitc.com (Karl Denninger) writes:
> > Without source code to "vi" there is NO WAY to prevent this.  Believe me.  
> 
> adb -w /bin/vi
> 
> Just zap the "/bin/sh" and the name of the "shell" variable.

ok, /bin/sh can be zapped easily, but i am not sure about the SHELL
variable.  what do you zap it to?  changing "SHELL" to "XXXXX" just
moves the problem, using unprintable characters probably won't solve it
either.  would zapping the 'S' to a '\0' really work?

looking through the /bin/vi on our hp-ux system, there are also the
strings "shell" and "sh"...  are those for the :shell commands?  do
they need to be zapped?

i haven't tried any of this, but without source, it would be hard to
verify that all the holes are plugged.  (note that i didn't say
impossible, 'cause with adb, _anything_ is possible  :-)


-wayne
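
An added example, not part of the post or of anything else in the thread: a Python sketch of the inventory step the message raises, listing where the strings named above occur as NUL-terminated C strings in a binary image so that the image can be compared before and after a patch. The byte image is constructed and the function names are hypothetical; finding a string says nothing about how vi uses it.

```python
import re

# Strings named in the thread. Whether vi actually uses each one is not
# established by the thread; this only inventories where they occur.
CANDIDATES = (b"/bin/sh", b"SHELL", b"shell", b"sh")

def c_strings(image, min_len=2):
    """Yield (offset, text) for each printable-ASCII run terminated by NUL."""
    pattern = rb"[\x20-\x7e]{%d,}(?=\x00)" % min_len
    for m in re.finditer(pattern, image):
        yield m.start(), m.group()

def audit(image):
    """Return (offset, text, kind) for strings equal to or containing a candidate."""
    hits = []
    for offset, text in c_strings(image):
        if text in CANDIDATES:
            hits.append((offset, text, "exact"))
        elif any(c in text for c in CANDIDATES):
            hits.append((offset, text, "embedded"))
    return hits

def zap_first_byte(image, offset):
    """Return a copy with the byte at offset set to NUL (the edit asked about)."""
    patched = bytearray(image)
    patched[offset] = 0
    return bytes(patched)

# Constructed stand-in for a binary's data section, not bytes from any real vi.
SAMPLE = (b"\x00\x01/bin/sh\x00SHELL\x00\x02\x03shell\x00sh\x00"
          b"No shell for you\x00No write since last change\x00")

if __name__ == "__main__":
    for title, image in (("before", SAMPLE), ("after", zap_first_byte(SAMPLE, 10))):
        print(title)
        for offset, text, kind in audit(image):
            print(f"  {offset:4d}  {kind:8s}  {text.decode()}")
```

The inventory only shows which candidate strings remain in the image; it cannot show that every code path that starts a shell has been found, which is the verification problem the post describes.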



More information about the Comp.unix.sysv386 mailing list