Secure (regular) Scripts_
Randal Schwartz
merlyn at iwarp.intel.com
Sat Dec 23 03:42:01 AEST 1989
In article <1078 at st_nik.UUCP>, nik at st_nik (Nik Simpson x333) writes:
|
| I encountered this problem writing some menu based code a couple of
| years ago, in most case programs that allow a shell escape seem to check
| the value of the shell variable SHELL, and exec this as the shell. If
| you change SHELL either using putenv if you are working in executable
| or
| SHELL="something harmless";export SHELL
|
| In a script this disbles shell escapes from most well behaved programs
| in my experience.
Except in 'vi'. You can ":set shell=/bin/sh" any'ol' time.
As has been said before, you need a completely separate environment to
get complete security, and this is no exception.
Just another security weenie,
--
/== Randal L. Schwartz, Stonehenge Consulting Services (503)777-0095 ====\
| on contract to Intel's iWarp project, Hillsboro, Oregon, USA, Sol III |
| merlyn at iwarp.intel.com ...!uunet!iwarp.intel.com!merlyn |
\== Cute Quote: "Welcome to Oregon... Home of the California Raisins!" ==/
More information about the Comp.unix.wizards
mailing list