Here's how to stop shell escapes from vi

[Daniel A. Glasser]

Maybe someone else has posted this solution, maybe not.  I've not seen it
mentioned.  I've not tried it either.

My suggestion is to write a wrapping routine which checks the users gid or
uid (or whatever) and based on that either leaves the users PATH and SHELL
alone (for those who should be allowed to shell out of vi) or changes both
PATH and SHELL environment variables to something safe, (SHELL will point
to something like 'main(){write(0,"No shell for you!\n");exit(1);}'
and PATH to something which just has what vi might legitimately have to
get at.  This program will then exec the real vi.

I've not tried this with vi, but I have with many games programs.
I had one wrapper program which I linked (hard links) to the names of
the protected executables, this program looked at argv[0] to determine
what program to run (and in a few cases, what environment variables
to change -- It would read in .game_FOO files and set environment
variables from that file before running game FOO, thus simplifying
the user's .profile/.login.)  It seems to work.

					Daniel A. Glasser

-- 
Daniel A. Glasser                       One of those things that goes
dag%gorgon at persoft.com                  "BUMP! (ouch!)" in the night.