Disable shell mode in 'vi'

Disable shell mode in 'vi'

Post by Teo Hong Ko » Fri, 09 Dec 1994 17:46:24



Currently, the 'vi' editor allows its user to execute a shell command by
using ":!".  I am searching a way to prevent this.

1.      Is there any method to disable this function ?
2.      If not, is there any recommendation for another unix editor that
do not has this facility ?

Help will be very much appreciated !!!
Many thanks !!!

 
 
 

Disable shell mode in 'vi'

Post by Steven B. Thompso » Tue, 13 Dec 1994 00:10:49



: Currently, the 'vi' editor allows its user to execute a shell command by
: using ":!".  I am searching a way to prevent this.

: 1.    Is there any method to disable this function ?
: 2.    If not, is there any recommendation for another unix editor that
: do not has this facility ?

: Help will be very much appreciated !!!
: Many thanks !!!

One thing you can do is put the following line in the .exrc file:

set shell=/dev/null

This will produce an error message when the user attempts to execute a
shell command, something like: "Invalid SHELL value: /dev/null".   The
user simply presses Enter to erase the error and return to the normal mode.

One final note, you should remove all write permissions to .exrc so that
the user can not vi the file and remove the line.

-------------------------------------------------------------------------
Steve Thompson                   |  The person who says it cannot be done



 
 
 

Disable shell mode in 'vi'

Post by Mark L. Willia » Tue, 13 Dec 1994 10:13:11


Whilst the advice given will work, the user will still be able to execute
shell commands by first entering (in vi):

        :set shell=/bin/csh

or whatever the path of the desired shell is.

Hope this helps....

Mark

--

 
 
 

Disable shell mode in 'vi'

Post by Carl Brew » Tue, 13 Dec 1994 11:25:09




Quote:>Whilst the advice given will work, the user will still be able to execute
>shell commands by first entering (in vi):
>    :set shell=/bin/csh
>or whatever the path of the desired shell is.

If you do want to make a (slighty) more secure vi, get and hack nvi (or
any of the vi clones) to remove the shell out/exec() options.

--
Carl Brewer                             Ph :61-9-380-1893 | #include \
Systems/Network Officer, Reid Library   Fax:61-9-380-1012 | <std_disclaimer.h>

Woooo, speed hump cat ....              beable

 
 
 

Disable shell mode in 'vi'

Post by Magnus Nasho » Tue, 13 Dec 1994 20:46:22




>: Currently, the 'vi' editor allows its user to execute a shell command by
>: using ":!".  I am searching a way to prevent this.
>: 1.        Is there any method to disable this function ?
>: 2.        If not, is there any recommendation for another unix editor that
>: do not has this facility ?
>: Help will be very much appreciated !!!
>: Many thanks !!!
>One thing you can do is put the following line in the .exrc file:
>set shell=/dev/null
>This will produce an error message when the user attempts to execute a
>shell command, something like: "Invalid SHELL value: /dev/null".   The
>user simply presses Enter to erase the error and return to the normal mode.
>One final note, you should remove all write permissions to .exrc so that
>the user can not vi the file and remove the line.

This was not a very good idea, I'm afraid. The user can simply write
:set shell=/bin/csh
to get around this.
I would say that there is no way to do it, that the user cannot change.
There are several ways (exept for :!) to get to the shell from vi. Look for
another editor or use 'red', the restricted version of 'ed'.
/Magnus
 
 
 

Disable shell mode in 'vi'

Post by Steven B. Thompso » Tue, 13 Dec 1994 21:52:41




: >: Currently, the 'vi' editor allows its user to execute a shell command by
: >: using ":!".  I am searching a way to prevent this.

: >: 1.      Is there any method to disable this function ?
: >: 2.      If not, is there any recommendation for another unix editor that
: >: do not has this facility ?

: >: Help will be very much appreciated !!!
: >: Many thanks !!!

: >One thing you can do is put the following line in the .exrc file:

: >set shell=/dev/null

: >This will produce an error message when the user attempts to execute a
: >shell command, something like: "Invalid SHELL value: /dev/null".   The
: >user simply presses Enter to erase the error and return to the normal mode.

: >One final note, you should remove all write permissions to .exrc so that
: >the user can not vi the file and remove the line.

: This was not a very good idea, I'm afraid. The user can simply write
: :set shell=/bin/csh
: to get around this.

Good point, don't know why I didn't think of that.   Thanks for bringing
it to his attention.

-------------------------------------------------------------------------
Steve Thompson                   |  The person who says it cannot be done


 
 
 

Disable shell mode in 'vi'

Post by Karlon We » Wed, 14 Dec 1994 06:42:50




> : Currently, the 'vi' editor allows its user to execute a shell command by
> : using ":!".  I am searching a way to prevent this.
> : 1.       Is there any method to disable this function ?
> : 2.       If not, is there any recommendation for another unix editor that
> : do not has this facility ?
> : Help will be very much appreciated !!!
> : Many thanks !!!
> One thing you can do is put the following line in the .exrc file:
> set shell=/dev/null
> This will produce an error message when the user attempts to execute a
> shell command, something like: "Invalid SHELL value: /dev/null".   The
> user simply presses Enter to erase the error and return to the normal mode.

but, cannot the user then issue the following?

                :set shell=/bin/ksh
                :shell

This should reset the shell, and then allow the user shell out

> One final note, you should remove all write permissions to .exrc so that
> the user can not vi the file and remove the line.
> -------------------------------------------------------------------------
> Steve Thompson                   |  The person who says it cannot be done



 
 
 

Disable shell mode in 'vi'

Post by Brian T » Tue, 20 Dec 1994 12:14:55



Quote:

>Currently, the 'vi' editor allows its user to execute a shell command by
>using ":!".  I am searching a way to prevent this.

>1.  Is there any method to disable this function ?

    You can do things like :set shell or setenv SHELL, but users can
override that from inside vi.  Get the source for vi (or one of the
many vi clones, I prefer vim 3.0 myself) and modify the source code to
remove any shell exec or piping functions.

Quote:>2.  If not, is there any recommendation for another unix editor that
>do not has this facility ?

    Try pico.  That's what we use here for users who haven't been
granted shell access.
--

::::::::::: - - --===+ Home page URL = http://www.io.org/~taob/ +===-- - -