Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!uunet!munnari.oz.au!uniwa!DIALix!bernie
From: bernie@DIALix.UUCP (Bernd Felsche)
Newsgroups: comp.unix.questions
Subject: Re: How to prevent VI from getting a shell?
Summary: Don't use vi.
Keywords: vi security
Message-ID: <573@DIALix.UUCP>
Date: 21 Sep 90 15:55:46 GMT
Expires: 15 Oct 90 00:00:00 GMT
References: <570@DIALix.UUCP>
Reply-To: bernie@DIALix.oz.au (Bernd Felsche)
Organization: DIALix Services, Perth Western Australia
Lines: 22

Well, so much for my suggestion about setting SHELL=/bin/true.
My suggestion was made on the spur of the moment, without
consideration for the :set shell=/bin/wizard feature.

Mind you, the SHELL trick does make it inconvenient, if not 
impossible for casual users (Who knew about "set shell=" before 
following this thread of discussion?)

I was not under the impression that a _secure_ environment was
required.  As Dominic Dunlop of TSA points out, vi with all the
shell escape stuff disable is of limited use (IMHO:stuffed)

There are many unix editors with source code in the public domain or
available at no charge.  Any of these could be knobbled to prevent
all but rudimentary editing.  In the mean time, why not use cat?
:-)  

In the case of a "secure" environment, users would be operating in a
chroot environment anyway... with a limited subset of commands... 
only able to harm themselves.

bernie