Path: utzoo!utstat!helios.physics.utoronto.ca!jarvis.csri.toronto.edu!cs.utexas.edu!uunet!mcsun!sunic!dkuug!tidk!storm
From: storm@texas.dk (Kim F. Storm)
Newsgroups: news.software.nn
Subject: Re: Prohibiting Shell escapes from within NN
Keywords: secure environment
Message-ID: <470@texas.dk>
Date: 19 Feb 90 08:33:04 GMT
References: <1990Feb16.115156.29745@me.toronto.edu>
Distribution: news
Organization: Texas Instruments, Denmark
Lines: 25

eastick@me.utoronto.ca (Doug Eastick) writes:

>Has anyone hacked NN to disallow shell escapes?  If NN was to be used
>in a BBS environment, it would be nice if you could stop people from
>getting to the shell, vi, etc...

>"#ifdef RESTRICT_SHELL" in the appropriate places would be nice.

With 6.3.9 and later, there is a variable

	shell-restrictions

which can ONLY be set in the init file.  When set, it will prevent
shell escapes, it will prevent modifying certain variables like
mail-script and news-script (which would otherwise be a loop-hole),
and it will prevent saving through pipes.

But you will still have to do something about the EDITOR used when
composing mail and news articles - nn can't help you there if it
allows shell escapes.

-- 
Kim F. Storm        storm@texas.dk        Tel +45 429 174 00
Texas Instruments, Marielundvej 46E, DK-2730 Herlev, Denmark
	  No news is good news, but nn is better!