Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!aplcen!wb3ffv!ka3ovk!raysnec!shwake
From: shwake@raysnec.UUCP (Ray Shwake)
Newsgroups: comp.unix.questions
Subject: Re: How to prevent VI from getting a shell?
Message-ID: <81@raysnec.UUCP>
Date: 23 Sep 90 22:17:58 GMT
References: <570@DIALix.UUCP> <1990Sep17.210110.26060@robobar.co.uk> <77@raysnec.UUCP> <13934:Sep2105:09:2890@kramden.acf.nyu.edu>
Organization: IRS/CI - Technical Solutions Branch
Lines: 20

brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:

>In article <77@raysnec.UUCP> shwake@raysnec.UUCP (Ray Shwake) writes:
>> I suggest that, after predefining SHELL to something innocuous (I use
>> /bin/echo), patch the *set* reference in the binary to something with an
>> embedded space. So far, it's proven quite tight. (Of course, if even THIS
>> leaves some obscure weakness, I'm sure someone will point it out to me!)

>The problem is that it completely prevents useful things like :set nu.

Ah, but the whole point of this exercise is to deny one functional
option (access to the shell) with minimal untoward effects. I could,
of course, argue that those who have no business in the shell are not
the sort who should be mucking about with "set" variables, or that
those variables could be pre-set before firing up VI.

Those suggesting non-standard and unsupported alternatives like
'elvis' or 'pty' patches take us into uncharted territories. Mucking
about with standard ASCII characters like Q, ! and :, and then trying
to compensate for such a kludge is a definite no-no in THIS wizard's
environment.