Xref: utzoo alt.security:1639 comp.unix.sysv386:841
Path: utzoo!utgpu!cs.utexas.edu!uunet!ssbell!dsndata!wayne
From: wayne@dsndata.uucp (Wayne Schlitt)
Newsgroups: alt.security,comp.unix.sysv386
Subject: Re: Here's how to stop shell escapes from vi
Message-ID: <WAYNE.90Sep29115938@dsndata.uucp>
Date: 29 Sep 90 15:59:38 GMT
References: <924@mwtech.UUCP> <27387:Sep2320:07:3890@kramden.acf.nyu.edu>
	<1990Sep24.040745.10454@chinet.chi.il.us> <1038:Sep2414:36:0390@k
	<935@mwtech.UUCP> <1990Sep27.215910.11192@hriso.ATT.COM>
	<1990Sep29.002328.27798@ibmpcug.co.uk>
Sender: wayne@dsndata.UUCP
Organization: Design Data
Lines: 14
In-reply-to: dylan@ibmpcug.co.uk's message of 29 Sep 90 00:23:28 GMT

In article <1990Sep29.002328.27798@ibmpcug.co.uk> dylan@ibmpcug.co.uk (Matthew Farwell) writes:
> [ ... ]
> 
> All this means we come back to the statement:
> 
> The ONLY way to make vi safe is to hack the source code.
> 

and this statement is quite wrong.  you _can_ make vi (or any other
program that you can read the binary) secure by disassembling it and
zapping various parts of the binary.  source just makes life easier...


-wayne