Path: utzoo!attcan!uunet!know!samsung!munnari.oz.au!uniwa!DIALix!bernie
From: bernie@DIALix.UUCP (Bernd Felsche)
Newsgroups: comp.unix.questions
Subject: Re: How to prevent VI from getting a shell?
Summary: The SHELL environment variable
Keywords: vi
Message-ID: <570@DIALix.UUCP>
Date: 15 Sep 90 08:43:35 GMT
Expires: 30 Sep 90 00:00:00 GMT
References: <501@trux.UUCP>
Reply-To: bernie@DIALix.oz.au (Bernd Felsche)
Organization: DIALix Services, Perth Western Australia
Lines: 19

In article <501@trux.UUCP> car@trux.UUCP (Chris Rende) writes:
>If I want to give someone access to VI and yet deny them access to a shell,
>how do I prevent the user from using VI's ":!" command?
>
>I have an application program which launches VI. I don't want the user to
>be able to get to a shell from VI. (I also don't want the user to be able
>to launch other commands from VI. I.e., No :!pwd, or !!sort, etc...).

Set SHELL in the environment to something which does nothing, say
/bin/true. vi forks-execs whatever SHELL is defined to be, or the shell
if undefined.

Many applications allow SHELL escapes, and cause security holes because
they don't set the real user id before they shell-off.

Some time ago I wrote a shell-wrapper which did the right thing before
allowing the user a real shell. The application program also required a
wrapper to set SHELL to the shell-wrapper.

bernie