Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!yale!cmcl2!kramden.acf.nyu.edu!brnstnd
From: brnstnd@kramden.acf.nyu.edu (Dan Bernstein)
Newsgroups: comp.unix.questions
Subject: Re: How to prevent VI from getting a shell?
Message-ID: <13150:Sep2104:06:2890@kramden.acf.nyu.edu>
Date: 21 Sep 90 04:06:28 GMT
References: <1990Sep17.210110.26060@robobar.co.uk> <26243:Sep1811:57:4690@kramden.acf.nyu.edu> <1990Sep19.102407.1529@dce.ie>
Organization: IR
Lines: 18

In article <1990Sep19.102407.1529@dce.ie> em@dce.ie (Eamonn McManus) writes:
> This doesn't stop the user from typing Q to get into ex mode, then giving
> the command `shell', unless you want to make `Q' a dangerous character.
> Mapping Q to <ESC>aQ is too nasty because then you can't insert a Q at
> the beginning of a line.

No, that is *not* a problem. In the EXINIT, simply map Q to something
else. You can also do this to !---but not to :, which is why you have to
use the pty solution.

> You might want to knock out the :preserve and :recover commands the same
> way, for fear that the warped user could pervert them to evil ends.  And
> why not nuke :read, :write, :wq, :edit, and :next while you're at it.

Fgs. This is why you want to nuke : entirely, then start adding macros
from a clean slate.

---Dan