Path: utzoo!utgpu!water!watmath!clyde!att!pacbell!lll-tis!mordor!lll-lcc!unisoft!hoptoad!dasys1!jpr
From: jpr@dasys1.UUCP (Jean-Pierre Radley)
Newsgroups: comp.unix.xenix
Subject: Re: Security
Message-ID: <6781@dasys1.UUCP>
Date: 2 Oct 88 23:43:47 GMT
References: <6609@dasys1.UUCP> <6800040@cpe>
Reply-To: jpr@dasys1.UUCP (Jean-Pierre Radley)
Organization: TANGENT
Lines: 37

In article <6800040@cpe> tif@cpe.UUCP writes:
>Written 2:47 pm Sep 23, 1988 by dasys1.UUCP!jpr in cpe:comp.unix.xenix
>>.... The desire would seem to be
>>to prevent shell escapes from ALL programs, and 'vi' is a particularly
>>nasty culprit properly in that regard: Whatever you set SHELL to, vi
>>has its own "sh" parameter, and you can't just tell the users to
>>type :set sh=/bin/rsh.
>
>That is not the case on my system.  I just tried...
>	SHELL=""
>	export SHELL
>	vi
>Then from vi, ":sh" didn't work, ":!ls" didn't work, and even "!!ls"
>didn't work.  I also did ":set all" which said "shell=".
>
>Oops.  Come to think of it, you could set shell to anything you want
>from within vi (i.e. ":set shell=/bin/sh").  So much for my secure login.

That's just the point, Paul.  Going into 'vi', its internal 'sh' value is
set to the environment variable SHELL, if it exists, or to /bin/sh if not.
But either directly with ':se sh=I/m/gonna/get/outta/here', or via an .exrc
file or an EXINIT environment variable, users can worm their way out of vi...

And using 'readonly' in place of 'export' don't do ya no good whatsohowever
for dis particular problemo.

I'm waiting for an OK from Fred Buck to send up his 'rvi' solution, unless
he wishes to post it himself.

In security matters, as in warfare, the offense is usually ahead of the
defense.
-- 
Time is nature's way of                          Jean-Pierre Radley
making sure that everything                 ..!cmcl2!phri!dasys1!jpr
doesn't happen all at once.                          CIS: 76120,1341
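An added audit script, not part of the thread above, that checks the two non-interactive vectors Jean-Pierre names, a user's ~/.exrc and the EXINIT variable, for a vi shell override before that user ever gets a login; the home directories and .exrc contents below are constructed samples, and the function names are my own.

```sh
#!/bin/sh
# Added example, not from the original thread: audit a user's non-interactive
# vi startup sources (~/.exrc and the EXINIT variable) for a shell override.
# vi takes its shell from $SHELL, or /bin/sh if unset, but ":set sh=..." /
# ":set shell=..." in either of these sources replaces it before the user
# ever types a command. The sample home directories below are constructed.

# Pattern for "set sh=" or "set shell=" (also the "se" abbreviation), at the
# start of a line or after whitespace, '|' or ':' as vi accepts.
VI_SHELL_OVERRIDE='(^|[[:space:]]|[|:])se(t)?[[:space:]]+(sh|shell)='

# Print matching lines of a file with line numbers; status 0 if one is found.
find_vi_shell_override_in_file() {
    grep -E -n "$VI_SHELL_OVERRIDE" "$1"
}

# Same check on a string such as the value of EXINIT.
find_vi_shell_override_in_string() {
    printf '%s\n' "$1" | grep -E "$VI_SHELL_OVERRIDE"
}

# Audit one user: $1 = home directory, $2 = that user's EXINIT value.
# Reports each vector found; returns 1 if any is present, 0 if clean.
audit_vi_escape_vectors() {
    home="$1"; exinit="$2"; status=0
    if [ -f "$home/.exrc" ] && out=$(find_vi_shell_override_in_file "$home/.exrc"); then
        echo "$home/.exrc sets the vi shell:"; echo "$out"; status=1
    fi
    if [ -n "$exinit" ] && out=$(find_vi_shell_override_in_string "$exinit"); then
        echo "EXINIT sets the vi shell: $out"; status=1
    fi
    return $status
}

# Constructed sample data: one clean user, one with an override in .exrc.
SAMPLE=$(mktemp -d)
mkdir -p "$SAMPLE/clean" "$SAMPLE/suspect"
printf 'set number\nset shiftwidth=4\n' > "$SAMPLE/clean/.exrc"
printf 'set number\nset shell=/bin/sh\n' > "$SAMPLE/suspect/.exrc"

for user in clean suspect; do
    if audit_vi_escape_vectors "$SAMPLE/$user" ""; then
        echo "$user: no .exrc/EXINIT vi shell override found"
    fi
done
rm -rf "$SAMPLE"
```

This only catches the file and environment vectors; the interactive ':se sh=' path the post describes cannot be audited this way, which is why the thread points at an 'rvi' rather than at SHELL settings.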