Xref: utzoo alt.security:1647 comp.unix.sysv386:872
Path: utzoo!attcan!uunet!mcsun!ukc!tcdcs!dce.ie!em
From: em@dce.ie (Eamonn McManus)
Newsgroups: alt.security,comp.unix.sysv386
Subject: Re: Here's how to stop shell escapes from vi
Message-ID:
Date: 1 Oct 90 10:34:12 GMT
References: <2441@sud509.ed.ray.com> <1990Sep18.120450.14590@nstar.uucp> <1990Sep20.153105.28394@naitc.naitc.com> <11285:Sep2022:15:2090@kr <924@mwtech.UUCP>
Organization: Datacode Communications Ltd, Dublin, Ireland
Lines: 20

In article wayne@dsndata.uucp (Wayne Schlitt) writes:
>In article peter@ficc.ferranti.com (Peter da Silva) writes:
...
>> Just zap the "/bin/sh" and the name of the "shell" variable.
...
>ok, /bin/sh can be zapped easily, but i am not sure about the SHELL
>variable. what do you zap it to? changing "SHELL" to "XXXXX" just
>moves the problem, using unprintable characters probably won't solve it
>either. would zapping the 'S' to a '\0' really work?

Changing the string "shell" to a null string works. This string may
occur twice, depending on the compiler: once for the :set shell option
and once for the :shell command. You also want to get "sh", which is an
allowed abbreviation for the shell option.

>i haven't tried any of this, but without source, it would be hard to
>verify that all the holes are plugged.

I agree; if anyone is very concerned about security they should hack
the source of some editor, not rely on patching binaries in the dark.
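
Added example, not part of the original post or of any editor's source: a Python audit that lists every whole NUL-terminated occurrence of "/bin/sh", "shell" and "sh" in a binary image, blanks them in a copy as the post describes, and re-checks the result. The function names and the sample string table are constructed for illustration.

```python
# Added example, not from the original post. Names and sample bytes are constructed.
TARGETS = (b"/bin/sh", b"shell", b"sh")  # the strings named in the thread

# Constructed stand-in for an editor's string table (not a real vi binary).
# "shell" appears twice, as the post says it may.
SAMPLE = b"\0autoindent\0ai\0shell\0sh\0shiftwidth\0sw\0/bin/sh\0shell\0"


def find_c_strings(image, targets=TARGETS):
    """Map each target to the offsets where it occurs as a whole C string."""
    hits = {t: [] for t in targets}
    for t in targets:
        i = image.find(t + b"\0")
        while i != -1:
            # Whole string only: it must start the image or follow a NUL,
            # so the "sh" inside "/bin/sh" is not reported separately.
            if i == 0 or image[i - 1] == 0:
                hits[t].append(i)
            i = image.find(t + b"\0", i + 1)
    return hits


def blank_strings(image, hits):
    """Return a copy with the first byte of every hit set to NUL (a null string)."""
    out = bytearray(image)
    for offsets in hits.values():
        for off in offsets:
            out[off] = 0
    return bytes(out)


def remaining(image):
    """Targets still present as whole strings, for a pass/fail audit."""
    return sorted(t for t, offs in find_c_strings(image).items() if offs)


if __name__ == "__main__":
    before = find_c_strings(SAMPLE)
    for target, offsets in before.items():
        print(target.decode(), offsets)
    patched = blank_strings(SAMPLE, before)
    print("still present after patch:", remaining(patched))
```

An empty result only shows that these literal strings are gone from the image; it does not verify that every escape path is closed, which is the limitation the post itself points out.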