Newsgroups: comp.unix.questions
Path: utzoo!telly!eci386!jmm
From: jmm@eci386.uucp (John Macdonald)
Subject: Re: How to prevent VI from getting a shell?
Message-ID: <1990Sep18.163019.14294@eci386.uucp>
Keywords: vi
Reply-To: jmm@eci386.UUCP (John Macdonald)
Organization: Elegant Communications Inc.
References: <501@trux.UUCP> <570@DIALix.UUCP>
Date: Tue, 18 Sep 90 16:30:19 GMT

In article <570@DIALix.UUCP> bernie@DIALix.oz.au (Bernd Felsche) writes:
|In article <501@trux.UUCP> car@trux.UUCP (Chris Rende) writes:
|>If I want to give someone access to VI and yet deny them access to a shell,
|>how do I prevent the user from using VI's ":!" command?
|>
|>I have an application program which launches VI. I don't want the user to
|>be able to get to a shell from VI. (I also don't want the user to be able
|>to launch other commands from VI. I.e., No :!pwd, or !!sort, etc...).
|
|Set SHELL in the environment to something which does nothing, say
|/bin/true. vi forks-execs whatever SHELL is defined to be, or the
|shell if undefined.

Sorry, that is insufficient. A user can just use the vi command
":set SHELL=/bin/sh" to change it to something usable.

The only way to prevent shell access is to patch vi to prevent it.
A copy of vi should be used, call it rvi or some such so that it
doesn't get used by trusted users by mistake. Figuring out what
has to be patched to disable all possible shell invocations is
still a significant effort - and is specific to the particular
machine you are running on - and will be a lot of work to figure
out [easy to do afterward] - and you may still wonder whether you
missed any variants [e.g. read and write have variants to run a
program instead of using a file].

Perhaps a better solution would be to provide a more limited
editor that is easier to check for any external command capability,
if you can find one.
-- 
Algol 60 was an improvement on most  | John Macdonald
of its successors - C.A.R. Hoare     | jmm@eci386