Path: utzoo!attcan!uunet!lll-winken!lll-tis!ames!mailrus!iuvax!rutgers!bellcore!tness7!ninja!cpe!tif
From: tif@cpe.UUCP
Newsgroups: comp.unix.xenix
Subject: Re: Security
Message-ID: <6800030@cpe>
Date: 31 Aug 88 22:12:00 GMT
References: <4@raider.UUCP>
Lines: 20
Nf-ID: #R:raider.UUCP:4:cpe:6800030:000:978
Nf-From: cpe.UUCP!tif    Aug 31 17:12:00 1988


Written 10:24 am  Aug 14, 1988 by raider.UUCP!root in cpe:comp.unix.xenix
>I would like to give folks access to vnews and elm via a restricted shell. I 
>have dutifully set up a 'restricted' bin directory containing just a few     
>commands, like vi, vnews, readnews, who, cat; I set all restricted users PATH
>to this directory only. Here's the rub:
>
>They can use shell commands from within either vnews of vi and do anything  
>their heart desires (within normal system security, of course). Well, this
>just won't work ! I know there is a 'red' editor, but I hate to confine them
>to that. 
>
>Does anyone have a solution for me ? Am I trying to do this the wrong way ? 

Experiment with the environment variable, SHELL.  I have a limited
login which sets SHELL="".  It effectively prevents shell escapes from
most programs.  You might be satisfied with setting SHELL=rsh.

			Paul Chamberlain
			Computer Product Engineering, Tandy Corp.
			{convex,killer}!ninja!cpe!tif