Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: nyu notesfiles V1.1 4/1/84; site rna.UUCP
Path: utzoo!watmath!clyde!bonnie!akgua!sdcsvax!dcdwest!ittvax!decvax!linus!philabs!cmcl2!rna!dan
From: dan@rna.UUCP
Newsgroups: net.unix-wizards
Subject: Re: disallowing subshell in More
Message-ID: <11100002@rna.UUCP>
Date: Tue, 12-Feb-85 12:55:00 EST
Article-I.D.: rna.11100002
Posted: Tue Feb 12 12:55:00 1985
Date-Received: Sun, 17-Feb-85 05:05:07 EST
References: <8258@nbs-vms.UUCP>
Lines: 15
Nf-ID: #R:nbs-vms:-825800:rna:11100002:000:714
Nf-From: rna!dan    Feb 14 12:55:00 1985

x
> Does anyone know of a way to pipe a file to more and disallow a user from
> invoking a subshell while More is running?
> 
> Here's the senario, I have a menu that allows certain users to have root
> access to several functions (unjamming the print queue, archiving &
> restoring files, etc).  One of the options is to allow the user to get a
> listing of a tape archive to the screen (piped through More) which of course
> allows the user to type a '!sh<return>' and viola! a root shell.

But what's wrong with setuid()'ing before exec'ing more ? That is setuid()
to the original owner, chdir if you must after the fork() but before the exec()
on more.
Or maybe you could chroot() so that /bin/sh wouldn't be found. Just put
more and vi in that directory.