Secure Captive Account/vi workaround

Secure Captive Account/vi workaround

Post by Derek Douvil » Wed, 06 Mar 1996 04:00:00

A while back,  there was in interesting issue on the matter of security
in editors.  Basically,  we are tightening restrictions on root access,
and are providing a captive account for operators to do basic daily
tasks.  Some of these include editing /etc/group and /etc/aliases, which
are root owned files.  The script easily does this by running an SUID
root script that launches vi and opens the group file (or whatever other
root-owned file).  

The problem is,  in vi I can do a <esc>:e /etc/passwd  which allows me
to edit the password file (or any other root file, since I'm running as
root) directly.  Furthermore,  from vi,  a :set shell=/sbin/sh followed
by a :shell command gives the operator root access.

If I am to impliment elvis, I would have to build it for SunOS, Solaris,
HP/UX, DG/UX, AIX, OSF and whatever else we're supporting these days. If
this is the only way,  does anyone know which parts of the source code I
have to change to get rid of commands that allow the editing of multiple
files,  commands that call system(),  and the set command?  

Any other suggestions on how to make this a secure captive account (sed/awk
scripts,  I guess).  Thanks for your suggestions.


Derek Douville (Technical Analyst)               COGNOS INCORPORATED

Phone:    (613) 738-1338 x3033                  Ottawa, Ont. K1G 3Z4
Fax:      (613) 738-3518                  #include <stddisclaimer.h>


1. Captive account

I need to setup some customer accounts on my system.
I only want the users to be able to run certain applications,
and I most definitely do not want to allow them to get to other
systems on my network.

Is this possible?  Is there an easy way to do it?

Any help would be appreciated.

Trisha Stouffer           It was peanut butter

2. How to Route all Internet traffic through another Internet ip

3. Captive Accounts

4. Redhat 7.2 wu-ftpd problem

5. Captive Accounts for Unix

6. : How to disable an user from login??? HELP.

7. Captive Shutdown account without Root Priv.

8. How to read a backslash character?

9. Restricted (or Captive) Account/Shell

10. ftp access to .profile files - captive accounts

11. Captive Shutdown account without Root Priv.

12. Solaris2.3 - Solaris2.5.1 captive accounts

13. How to create an captive account in Xwindow enviroment ?