Xref: utzoo alt.security:1609 alt.bbs:3016 comp.unix.sysv386:639
Path: utzoo!utgpu!cs.utexas.edu!tut.cis.ohio-state.edu!uc!shamash!vtcqa
From: vtcqa@shamash.cdc.com (Jeff Comstock)
Newsgroups: alt.security,alt.bbs,comp.unix.sysv386
Subject: Re: Here's how to stop shell escapes from vi
Message-ID: <26116@shamash.cdc.com>
Date: 23 Sep 90 06:22:34 GMT
References: <2441@sud509.ed.ray.com> <1990Sep18.120450.14590@nstar.uucp> <1990Sep20.153105.28394@naitc.naitc.com> <11285:Sep2022:15:2090@kramden.acf.nyu.edu>
Reply-To: jrc%brainiac.uucp@shamash.cdc.com
Followup-To: alt.security
Organization: Sewer Of Source Code
Lines: 14

In article <11285:Sep2022:15:2090@kramden.acf.nyu.edu> brnstnd@kramden.acf.nyu.edu (Dan Bernstein) writes:
>X-Original-Subject: Protecting against downloads
>
>In article <1990Sep20.153105.28394@naitc.naitc.com> karl@bbs.naitc.com (Karl Denninger) writes:
>> Without source code to "vi" there is NO WAY to prevent this.  Believe me.  
>
>How fatalistic.
>
>It's easy to prevent shell escapes from vi. All you have to do is make
>sure that the : and ! characters aren't accessible from command mode.

You gotta be kidding . What good is vi without : ?  Might as well not
even use it.  It's like giving your son your car, but not letting
him put gas in it.  Whoop de doo.