Path: utzoo!utgpu!jarvis.csri.toronto.edu!cs.utexas.edu!usc!elroy.jpl.nasa.gov!zardoz.cpd.com!dhw68k!fedeva!bill
From: bill@fedeva.UUCP (Bill Daniels)
Newsgroups: news.software.nn
Subject: Re: Prohibiting Shell escapes from within NN
Keywords: secure environment
Message-ID: <13@fedeva.UUCP>
Date: 19 Feb 90 14:07:23 GMT
References: <1990Feb16.115156.29745@me.toronto.edu>
Distribution: news
Organization: Federal Express Corp., Memphis, TN
Lines: 21

eastick@me.utoronto.ca (Doug Eastick) writes:

>Has anyone hacked NN to disallow shell escapes?  If NN was to be used
>in a BBS environment, it would be nice if you could stop people from
>getting to the shell, vi, etc...

>"#ifdef RESTRICT_SHELL" in the appropriate places would be nice.

>Trying to avoid some work...
>--
>Doug Eastick -- eastick@me.utoronto.ca


I have worked with this a little and found that specifying a short script
as the users shell in the passwd file keeps the user from using ! commands.
My script sets the TERM environment variable then calls nn.  Give it a try!

-- 
bill daniels
federal express, memphis, tn
{hplabs!csun,mit-eddie!premise}!fedeva!wrd3156