Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!ingr!nijmeg!st_nik!nik
From: nik@st_nik.UUCP (Nik Simpson x333)
Newsgroups: comp.unix.wizards
Subject: Re: Secure (regular) Scripts_
Summary: SHELL variable
Message-ID: <1078@st_nik.UUCP>
Date: 19 Dec 89 16:29:41 GMT
References: <9100020@m.cs.uiuc.edu>
Organization: Intergraph UK Ltd.
Lines: 15


	I encountered this problem writing some menu based code a couple of 
years ago,  in most case programs that allow a shell escape seem to check
the value of the shell variable SHELL,  and exec this as the shell.  If 
you change SHELL either using putenv if you are working in executable
or 
	SHELL="something harmless";export SHELL

	In a script this disbles shell escapes from most well behaved programs
in my experience.
-- 
|--------------------------------------------------|
|  Nik Simpson	UUCP :  uunet!ingr!swndn!st_nik!nik|
|  Senior Systems Engineer.     Intergraph UK Ltd. |
|--------------------------------------------------|