View Single Post
  #6   (View Single Post)  
Old 3rd July 2008
TerryP's Avatar
TerryP TerryP is offline
Arp Constable
Join Date: May 2008
Location: USofA
Posts: 1,547

Originally Posted by jggimi View Post
You are allowing vi(1) to be executed as root. Once in the editor, the "admin" user can request a shell, and they will then have a root shell without restriction and without audit history.

If you are trying to limit what "admin" can do, you must only permit the execution of programs that that do not allow shell escapes.

You should change it to force vi to run with the -S flag -> which forces the 'secure' option on (which can not be disabled without restarting vi without the -S switch afaik).

While 'secure' is set on in Vi, the user can not :! escape to a prompt or use external programs from within vi.

This is however, not to say that one could never conceivably bypass this attempt at a security feature.

It would also be ideal, that if you must make Vi available so easy -- to make sure to have a bloody log of it's actions if possible.

The script program can't log vi's actions properly but it can log ex, which is trivial to switch to vi mode.
My Journal

Thou shalt check the array bounds of all strings (indeed, all arrays), for surely where thou typest ``foo'' someone someday shall type ``supercalifragilisticexpialidocious''.
Reply With Quote