Path: utzoo!attcan!uunet!convex!piziali
From: piziali@convex.com (Andy Piziali)
Newsgroups: comp.unix.xenix
Subject: Re: Editor Security Hole? (was An Editor for SCO Xenix 2.3.2)
Summary: Don't fix the application, fix the environment.
Keywords: security, editor, vi
Message-ID: <100556@convex.convex.com>
Date: 13 Mar 90 18:00:14 GMT
References: <90@tygra.UUCP>
Sender: news@convex.com
Reply-To: piziali@elijah.UUCP (Andrew Piziali)
Organization: Convex Computer Corporation, Richardson, Tx.
Lines: 26

In article <90@tygra.UUCP> cat@tygra.UUCP (John Palmer) writes:

> I'm running a computer conferencing system here and am in need of
> a version of vi for which the source is available. The problem with
> VI as it stands now is that it allows:
>
> 1. shell escapes
> 2. the ability to read in text from another file
> 3. the ability to write text to a file other than the file with
>    which vi was invoked.
> 4. the ability to completely switch files.
>
> This is a grave security loophole that I want to eliminate, but I
> must have the source code. If there are other editors that are
> similar to vi, or even a little more user-friendly, and if the
> sources are available for them, then maybe I'll switch.

John, I would suggest restricting the environment in which vi is run, not
modifying vi itself. The shell escapes, file inclusion, file writing, and
file switching are useful and harmless if the environment in which the vi
process is created is restricted.

Consider the process' real and effective user and group ids, process
environment (char **envp), scheduling priority, current working directory,
root directory (chroot), file creation mask, controlling terminal, and
process group when tailoring its environment.

--
piziali@convex.com (Andrew J. Piziali)
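
The following launcher is an added example, not part of the original post: it sets the root directory, working directory, group and user ids, file creation mask, scheduling priority and environment of a child process before exec'ing the editor, and refuses to exec if any step fails. The function name, exit code 111, jail path, uid/gid 1001 and environment values are assumptions for illustration; the controlling terminal and process group are left inherited because an interactive editor needs them.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#define SETUP_FAILED 111   /* child exit status when any restriction fails */

/* Fork, confine the child, then exec argv[0]. jail may be NULL to skip
 * chroot (which needs root). Returns the child's exit status, or -1. */
int run_restricted(const char *jail, uid_t uid, gid_t gid, char *const argv[])
{
    /* Fixed environment: nothing is inherited from the caller (no SHELL,
     * EXINIT, IFS, ...). These values are assumptions for a minimal jail. */
    char *const envp[] = { "PATH=/bin", "HOME=/", "TERM=vt100", NULL };
    int status;
    pid_t pid = fork();

    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Order matters: chroot and group changes need privilege, so the
         * user id is dropped last. Any failure aborts before exec. */
        if (jail && (chroot(jail) != 0 || chdir("/") != 0))
            _exit(SETUP_FAILED);
        if (geteuid() == 0 && setgroups(0, NULL) != 0)
            _exit(SETUP_FAILED);
        if (setgid(gid) != 0 || setuid(uid) != 0)
            _exit(SETUP_FAILED);
        if (uid != 0 && setuid(0) == 0)    /* the drop must be irreversible */
            _exit(SETUP_FAILED);
        umask(077);                        /* new files private to the user */
        setpriority(PRIO_PROCESS, 0, 10);  /* lower scheduling priority */
        execve(argv[0], argv, envp);
        _exit(SETUP_FAILED);               /* exec itself failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed values: jail path, file name and ids are placeholders. */
    char *const argv[] = { "/bin/vi", "conference.txt", NULL };
    return run_restricted("/var/jail/editor", 1001, 1001, argv);
}
```

The jail directory must itself contain the editor binary and whatever shell a shell escape would start, since paths are resolved inside the new root after chroot.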