Here's how to stop shell escapes from vi
Eamonn McManus
em at dce.ie
Mon Oct 1 20:34:12 AEST 1990
In article <WAYNE.90Sep27073633 at dsndata.uucp> wayne at dsndata.uucp (Wayne Schlitt) writes:
>In article <PA06YE4 at xds13.ferranti.com> peter at ficc.ferranti.com (Peter da Silva) writes:
...
>> Just zap the "/bin/sh" and the name of the "shell" variable.
...
>ok, /bin/sh can be zapped easily, but i am not sure about the SHELL
>variable. what to you zap it to? changing "SHELL" to "XXXXX" just
>moves the problem, using unprintable characters probably wont solve it
>either. would zapping the 'S' to a '\0' really work?
Changing the string "shell" to a null string works. This string may
occur twice, depending on the compiler: once for the :set shell option
and once for the :shell command. You also want to get "sh" which is an
allowed abbreviation for the shell option.
>i havent try any of this, but without source, it would be hard to
>verify that all the holes are plugged.
I agree; if anyone is very concerned about security they should hack
the source of some editor, not rely on patching binaries in the dark.
More information about the Comp.unix.sysv386
mailing list