eastick@me.utoronto.ca (Doug Eastick) (02/17/90)
Has anyone hacked NN to disallow shell escapes? If NN was to be used in a BBS environment, it would be nice if you could stop people from getting to the shell, vi, etc... "#ifdef RESTRICT_SHELL" in the appropriate places would be nice. Trying to avoid some work... -- Doug Eastick -- eastick@me.utoronto.ca
storm@texas.dk (Kim F. Storm) (02/19/90)
eastick@me.utoronto.ca (Doug Eastick) writes: >Has anyone hacked NN to disallow shell escapes? If NN was to be used >in a BBS environment, it would be nice if you could stop people from >getting to the shell, vi, etc... >"#ifdef RESTRICT_SHELL" in the appropriate places would be nice. With 6.3.9 and later, there is a variable shell-restrictions which can ONLY be set in the init file. When set, it will prevent shell escapes, it will prevent modifying certain variables like mail-script and news-script (which would otherwise be a loop-hole), and it will prevent saving through pipes. But you will still have to do something about the EDITOR used when composing mail and news articles - nn can't help you there if it allows shell escapes. -- Kim F. Storm storm@texas.dk Tel +45 429 174 00 Texas Instruments, Marielundvej 46E, DK-2730 Herlev, Denmark No news is good news, but nn is better!
cmp7130@sys.uea.ac.uk (R.M. O'Neill) (02/19/90)
eastick@me.utoronto.ca (Doug Eastick) writes: >Has anyone hacked NN to disallow shell escapes? If NN was to be used >in a BBS environment, it would be nice if you could stop people from >getting to the shell, vi, etc... > >"#ifdef RESTRICT_SHELL" in the appropriate places would be nice. > >Trying to avoid some work... A solution to your problem may already exist, and work for other things besides 'nn'. Do :- setenv SHELL /bin/echo (or /my-path/my-shell-escape-command-ignorer ) before entering nn. As far as I can see (and I could be wrong) there is no way to change the SHELL environment variable once in 'nn' - thus its secure. Richard, -- +--------------------------------------------------------------------+ | #include <picture.h> | UUCP: ..|ukc|uea-sys|cmp7130 | | Richard O'Neill, UEA, Norwich, UK | Janet: cmp7130@uk.ac.uea.sys | +--------------------------------------------------------------------+
bill@fedeva.UUCP (Bill Daniels) (02/19/90)
eastick@me.utoronto.ca (Doug Eastick) writes: >Has anyone hacked NN to disallow shell escapes? If NN was to be used >in a BBS environment, it would be nice if you could stop people from >getting to the shell, vi, etc... >"#ifdef RESTRICT_SHELL" in the appropriate places would be nice. >Trying to avoid some work... >-- >Doug Eastick -- eastick@me.utoronto.ca I have worked with this a little and found that specifying a short script as the users shell in the passwd file keeps the user from using ! commands. My script sets the TERM environment variable then calls nn. Give it a try! -- bill daniels federal express, memphis, tn {hplabs!csun,mit-eddie!premise}!fedeva!wrd3156