A while back, there was an interesting issue on the matter of security
in editors. Basically, we are tightening restrictions on root access,
and are providing a captive account for operators to do basic daily
tasks. Some of these include editing /etc/group and /etc/aliases, which
are root owned files. The script easily does this by running an SUID
root script that launches vi and opens the group file (or whatever other
root-owned file).

The problem is, in vi I can do a <esc>:e /etc/passwd which allows me
to edit the password file (or any other root file, since I'm running as
root) directly. Furthermore, from vi, a :set shell=/sbin/sh followed
by a :shell command gives the operator root access.

If I am to implement elvis, I would have to build it for SunOS, Solaris,
HP/UX, DG/UX, AIX, OSF and whatever else we're supporting these days. If
this is the only way, does anyone know which parts of the source code I
have to change to get rid of commands that allow the editing of multiple
files, commands that call system(), and the set command?

Any other suggestions on how to make this a secure captive account (sed/awk
scripts, I guess)? Thanks for your suggestions.
--Derek
--
Derek Douville (Technical Analyst)      COGNOS INCORPORATED
Phone: (613) 738-1338 x3033             Ottawa, Ont. K1G 3Z4
Fax:   (613) 738-3518                   #include <stddisclaimer.h>
UNIX TECHNICAL SUPPORT (Internal)       SYSTEM ADMINISTRATION
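One way to restructure the wrapper so that the editor itself never holds root privilege, as an added example that is not part of Derek's post or of any vendor's tooling: the operator edits an unprivileged temporary copy of the file (so :e, :shell and :set shell gain nothing, because the editor process has no privilege to give away), and a separate, narrow privileged step validates the result and installs it only into a short allow-list of targets. The allow-list, the group(5) validation rules, the use of mktemp and the suggestion that the install step be reached through a sudo rule restricted to this script are all assumptions of this example.

```sh
#!/bin/sh
# Added example: split "edit a root-owned file" into an unprivileged edit
# and a privileged, validating install. Not from the original post.

# Only these targets may ever be installed by the privileged step.
# (Assumed allow-list; extend it per file, never with a wildcard.)
allowed_target() {
    case $1 in
        /etc/group|/etc/aliases) return 0 ;;
        *) return 1 ;;
    esac
}

# Validate a group(5)-style file: each non-blank line must be
# name:passwd:gid:members with a [A-Za-z0-9_.-] name, a numeric gid and a
# comma-separated member list (possibly empty). Returns 0 if valid, 1 if not.
validate_group_file() {
    awk -F: '
        /^[ \t]*$/ { next }
        NF != 4                      { bad = 1; exit 1 }
        $1 !~ /^[A-Za-z0-9_.-]+$/    { bad = 1; exit 1 }
        $3 !~ /^[0-9]+$/             { bad = 1; exit 1 }
        $4 !~ /^([A-Za-z0-9_.-]+(,[A-Za-z0-9_.-]+)*)?$/ { bad = 1; exit 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Phase 1, run as the operator: copy the target to a temp file the operator
# owns and open it in the editor. Prints the temp path on success.
edit_unprivileged_copy() {
    target=$1
    allowed_target "$target" || { echo "not an editable file: $target" >&2; return 1; }
    tmp=$(mktemp "${TMPDIR:-/tmp}/edit.XXXXXX") || return 1
    cp "$target" "$tmp" || { rm -f "$tmp"; return 1; }
    # The editor runs with the operator's own uid; any shell escape is harmless.
    "${EDITOR:-vi}" "$tmp" || { rm -f "$tmp"; return 1; }
    printf '%s\n' "$tmp"
}

# Phase 2, run as root (e.g. via a sudo rule that permits only
# "this_script install <tmp> <target>"): re-check the target, validate the
# contents, then replace the file atomically with root ownership and mode 0644.
install_validated_copy() {
    tmp=$1 target=$2
    allowed_target "$target" || { echo "refusing to install to $target" >&2; return 1; }
    case $target in
        /etc/group) validate_group_file "$tmp" || { echo "validation failed; not installed" >&2; return 1; } ;;
        # /etc/aliases would get its own validator here; none is shown.
    esac
    cp "$tmp" "$target.new" && chmod 0644 "$target.new" && mv "$target.new" "$target"
}

# Command dispatch; with no arguments the script only defines the functions.
case ${1-} in
    edit)    edit_unprivileged_copy "$2" ;;
    install) install_validated_copy "$2" "$3" ;;
esac
```

The point of the split is that the captive account never needs a privileged editor at all: the only privileged code path is a few lines of allow-list, validation and copy, which is far easier to audit than an editor's source. Modern sudo implements the same idea as sudoedit (sudo -e), which edits a temporary copy as the invoking user and copies it back as root afterwards.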