Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!mcsun!unido!fauern!tumuc!lan!foessmei
From: foessmei@lan.informatik.tu-muenchen.dbp.de (Reinhard Foessmeier)
Newsgroups: comp.unix.wizards
Subject: Re: Secure (regular) Scripts_
Summary: beware!
Message-ID: <1007@tuminfo1.lan.informatik.tu-muenchen.dbp.de>
Date: 22 Dec 89 08:42:34 GMT
References: <9100020@m.cs.uiuc.edu> <1078@st_nik.UUCP>
Sender: news@lan.informatik.tu-muenchen.dbp.de
Reply-To: foessmei@lan.informatik.tu-muenchen.dbp.de (Reinhard Foessmeier)
Organization: Inst. fuer Informatik, TU Muenchen, W. Germany
Lines: 20

In article <1078@st_nik.UUCP> nik@st_nik.UUCP (Nik Simpson x333) writes:
->	... If
->you change SHELL either using putenv if you are working in executable
->or
->	SHELL="something harmless";export SHELL
->
->	In a script this disables shell escapes from most well behaved programs
->in my experience.
->--

I don't know if you call "vi" a well behaved program.  Yet "vi" allows you
to change the value of "SHELL" by typing the command
":set shell=/bin/sh".  So beware!

Reinhard F"o"smeier
-----
Reinhard F\"ossmeier, Technische Univ. M\"unchen | UNOX is a trademark of
foessmeier@infovax.informatik.tu-muenchen.dbp.de | "Union Deutsche
   [ { relay.cs.net | unido.uucp } ]             | Lebensmittelwerke GmbH"