(take 3): vi with no shell
2007-12-25 9:30:00
I'm posting this because there was a security problem with my previous summary.
Solution 2 in my first summary (see below) uses a .exrc file to stop people
breaking into a shell from vi.
The file had the following permissions:
-r-xr-xr-x 1 root other 36 Feb 12 12:38 .exrc
The file contained:
set shell=/dev/null
set exrc=noexrc
Lots of people pointed out that because the .exrc file is in the person's home
directory ( as they have "write" permission to this directory) they can remove
it, or rename it as .exrc.old so it isn't used.
Someone else pointed out that from vi you could type ":n .exrc" and edit the
.exrc file like that ( I tried that and it's true but it wouldn't let me save
the file as it was owned by root, but it's probably possible somehow :-) )
Someone else also pointed out that if you set the environment variable EXINIT
then it ignores the .exrc file - I tested this and it's true as well.
eg: for csh:
setenv EXINIT ":set sw-6" and then start the vi
or for ksh
EXINIT=":set sw-6"
export EXINIT and then start the vi.
So I've decided to get the source for 'nvi' and compile that without the option
that lets you break out to shell.
Thanks to everybody that replied, (HUGE numbers of replies) and thanks for
taking the time to correct the summary as well, I'm pretty impressed with the
response
Marina
*** MY SECOND SUMMARY *********************************
I'm posting this because I have had a number of replies to my summary,
along similar lines as the one below.
They won't have any shell so they can't remove the .exrc file.
They will go straight into a program, one of the menu options will be to send a
mail message using 'elm': this is created using 'vi' but we will stop them
getting through to a shell with the .exrc file, and after they finish using the
program they will be logged straight out of the system.
Marina
*** MY FIRST SUMMARY *********************************
Lots of thanks to everybody that responded.
1.
Some people said they thought you could turn off that option when
compiling elm.
What it actually lets you turn off is breaking into a shell from elm
itself, which we did turn off,
however when it asked which editor we wanted, we said `vi' and you can
still break into the shell
from vi.
2.
Other people said to use .exrc files:
Try placing a file named .exrc in the home directory of each user with
read-only permissions for them, and the following contents
shell=/bin/false
where /bin/false is a dummy shell or something that tells them that
they can't
get a shell.
(Make sure to specify that exrc=noexrc in the same file,
so that the usre cannot attempt to load another .exrc file to bypass
this).
You may want to remove all write permissions to .exrc so the user can
not
vi the file and remove the line
3.
Other people suggested getting source code for a `vi' clone and
compiling it without the shell option:
You could get a copy of the "vim" ( = Vi IMproved) vi-clone, which
does
all that vi does, and more, and switch off the shell fork option in
the
source-code - I heartily recommend it!
or.
Sure - checkout OSH & its accompaning 'nvi' which has been modified to
specifically stop vi shell-escapes (though do note that this nvi has
some build
'oddities' with curses libraries..).
OSH URL is: http://www.EnGarde.com/~mcn/osh.html
or
The simplist and strongest way I know is to get the source
for vi clone (such as the one that comes with Liux) or vi
itself (from the BSD destribution), rip out the shell escape
code and compile it statically.
or
Another option: compile GNU vi with shell escape capability
removed.
Thanks once again
Marina
*** MY ORIGINAL QUESTION *********************************
>
> Does anybody know how to call 'vi' without giving it the ability to
> create a shell?
>
> (Background:
> I have to give some users access to the mailing package 'elm' where
> 'vi' is used to create mail messages, but i don't want them to be able
> to break out into a shell)
>
> Marina
>
Comments
Got something to say?
You must be logged in to post a comment.
