Date: Thu, 22 May 2008 16:49:08 +0200
From: "Christian Zachariasen" <chrizach@gmail.com>
To: "Frank Shute" <frank@shute.org.uk>, "William O. Yates" <hackware@tru2life.net>, freebsd-questions@freebsd.org
Subject: Re: vi secure
Message-ID: <4a89d1190805220749rb7702e1m9ddf3b15f3de8cd1@mail.gmail.com>
In-Reply-To: <20080522143907.GA6487@melon.esperance-linux.co.uk>
References: <20080522022653.GB3334@melon.esperance-linux.co.uk> <1211466380.47050@ns3.tru2life.net> <20080522143907.GA6487@melon.esperance-linux.co.uk>
On Thu, May 22, 2008 at 4:39 PM, Frank Shute <frank@shute.org.uk> wrote:

> On Thu, May 22, 2008 at 07:26:20AM -0700, William O. Yates wrote:
> >
> > On 21/May/2008 19:26 Frank Shute wrote ..
> > > On Wed, May 21, 2008 at 01:51:03PM -0700, William O. Yates wrote:
> > > >
> > > > [sent the below message thru the freebsd-security list with no
> > > > answers, hope for more from freebsd-questions]
> > > >
> > > > Recently started using vi macros.
> > >
> > > Show us the macro.
> > >
> > > >
> > > > When attempting to use one which accessed the external shell, got
> > > > the following message:
> > > >
> > > > "The ! command is not supported when the secure edit option is set."
> > >
> > > What does:
> > >
> > > :set
> > >
> > > show you?
> > >
> > > External commands work for me. Sure your vi isn't aliased? When
> > > doesn't it work? As root or ordinary user or both?
> > >
> > > What's your secure level?:
> > >
> > > $ sysctl -a | grep secure
> > >
> > > What does:
> > >
> > > $ whereis vi
> > >
> > > give you?
> > >
> > > and:
> > >
> > > $ uname -a
> > >
> > > >
> > > > When attempting to ":set nosecure" got:
> > > >
> > > > "set: the secure option may not be turned off."
> > > >
> > > > When attempting to "set nosecure" in my .exrc file, got:
> > > >
> > > > set nonumber .exrc, 44: set: the secure option may not be turned off
> > > > .exrc, 44: Ex command failed: pending commands discarded
> > > >
> > > > Looking through all the man pages, vi references, tutorials, and the
> > > > the oreilly vi "bible", can't find anything...
> > > >
> > > > Is "set secure" a compiled in setting?
> > >
> > > No.
> > >
> > > >
> > > > >From FreeBSD vi man page:
> > > >
> > > > -S Run with the secure edit option set, disallowing all
> > > > access to external programs. and secure [off] Turns off all
> > > > access to external programs.
> > > >
> > > > ..william.o.yates...hackware.at.tru2life.net...tru2life.info...
> > >
> > > --
> > >
> > > Frank
> > >
> > >
> > > Contact info: http://www.shute.org.uk/misc/contact.html
> > ..william.o.yates...hackware.at.tru2life.net...tru2life.info...
> >
> > I usually run as root when updating systems (toor actually)...
> >
> > But symptoms are same for root and user level in vi, FreeBSD-[5.4,6.1,6.2,6.3].
> >
> > NO nfs mounts, aliases, or any other funny stuff I can think of.
> >
> > Virgin vi setup from FreeBSD install.
> >
> > "inside_vi :!" --> (ANY ! command, not just macro)
> > The ! command is not supported when the secure edit option is set.
> >
> > "inside_vi :set all" --> (same as 4 other FreeBSD machines...)
> > +=+=+=+=+=+=+=+
> > noaltwerase     noextended   matchtime=7  report=5       term="xterm"
> > autoindent      filec=""     nomesg       ruler          noterse
> > autoprint       flash        nomodeline   scroll=27      notildeop
> > noautowrite     nogtagsmode  noprint=""   nosearchincr   timeout
> > backup=""       hardtabs=0   nonumber     secure         nottywerase
> > nobeautify      noiclower    nooctal      shiftwidth=8   noverbose
> > cdpath=":"      ignorecase   open         noshowmatch    warn
> > cedit=""        keytime=6    optimize     showmode       window=29
> > columns=80      noleftright  path=""      sidescroll=16  nowindowname
> > nocomment       lines=30     print=""     noslowopen     wraplen=0
> > noedcompatible  nolisp       prompt       nosourceany    wrapmargin=0
> > escapetime=6    nolist       noreadonly   tabstop=8      wrapscan
> > noerrorbells    lock         noredraw     taglength=0    nowriteany
> > noexrc          magic        remap        tags="tags"
> > directory="/tmp/"
> > msgcat="/usr/share/vi/catalog/"
> > paragraphs="IPLPPPQPP LIpplpipbp"
> > recdir="/var/tmp/vi.recover"
> > sections="NHSHH HUnhsh"
> > shell="/bin/sh"
> > shellmeta="~{[*?$`'"^V"
> > Press any key to continue [: to enter more ex commands]:
> >
> > "inside_vi :set nosecure" -->
> > set: the secure option may not be turned off.
> >
> > ns1:/usr/local/www/info/docs> uname -a
> > FreeBSD ns1.tru2life.net 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
> >
> > ns1:/usr/local/www/info/docs> sysctl -a | grep secure
> > kern.securelevel: -1
> > net.inet.tcp.insecure_rst: 0
> >
> > ns1:/usr/local/www/info/docs> whereis vi
> > vi: /usr/bin/vi /usr/share/man/man1/vi.1.gz /usr/ports/editors/openoffice.org-2/work/OOE680_m6/helpcontent2/source/auxiliary/vi
> >
> > toor@lazy:/.../...> uname -a
> > FreeBSD lazy.tru2life.net 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8 10:21:06 UTC 2005 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
> >
> > toor@lazy:/.../...> sysctl -a | grep secure
> > kern.securelevel: -1
> > net.inet.tcp.insecure_rst: 0
> >
> > ns3:/usr/home/master> uname -a
> > FreeBSD ns3.tru2life.net 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May 7 04:32:43 UTC 2006 root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
> >
> > ns3:/home/master> sysctl -a | grep secure
> > kern.securelevel: -1
> > net.inet.tcp.insecure_rst: 0
>
> I guess you've looked at the obvious: ~/.exrc & ~/.nexrc although :set
> all does say noexrc.
>
> Have you checked:
>
> $ file /usr/bin/vi
>
> & compared output with uname?
>
> Compared /usr/bin/nvi with /usr/bin/vi? They should be the same.
>
> E.g:
>
> $ ls -l /usr/bin/vi
> -r-xr-xr-x 6 root wheel 309336 Apr 28 14:15 /usr/bin/vi
>
> $ ls -l /usr/bin/nvi
> -r-xr-xr-x 6 root wheel 309336 Apr 28 14:15 /usr/bin/nvi
>
> Failing that, I'm mystified :(
>
> --
>
> Frank
>
>
> Contact info: http://www.shute.org.uk/misc/contact.html
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
>

Your behaviour is reproducible when I run vi -S, but in normal vi I have full access to external commands with !, both running as root and toor. I googled your error message and couldn't find it anywhere except for newsgroups where you've been posting, so it's a very rare issue indeed. I don't have any suggestions as to how you'd fix it though, except look for any aliases and the stuff people have said before.

Christian Zachariasen
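
The checks suggested in this thread (startup files, vi versus nvi) gathered into one script, as an added example that is not part of any message above. It assumes nvi's default startup sources (NEXINIT and EXINIT in the environment, /etc/vi.exrc, ~/.nexrc, ~/.exrc); the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are made up for illustration.
# Startup sources checked: NEXINIT and EXINIT in the environment, then
# /etc/vi.exrc, ~/.nexrc and ~/.exrc (assumed nvi default locations).

# Succeed if stdin holds an ex "set"/"se" command that turns secure on.
# "nosecure" is not matched: "secure" must directly follow whitespace.
sets_secure() {
    grep -Eq '(^|[|:[:space:]])se(t)?[[:space:]]+([^"|]*[[:space:]])?secure([[:space:]|]|$)'
}

# Print every startup source that turns secure on, one per line. This lists
# all candidates, not only the one nvi would read first.
# Usage: secure_sources [file ...]   (no arguments: the default files)
secure_sources() {
    [ $# -gt 0 ] || set -- /etc/vi.exrc "$HOME/.nexrc" "$HOME/.exrc"
    for var in NEXINIT EXINIT; do
        eval "val=\${$var-}"
        if printf '%s\n' "$val" | sets_secure; then echo "env:$var"; fi
    done
    for f in "$@"; do
        [ -r "$f" ] || continue
        # Drop ex comment lines (leading double quote) before matching.
        if grep -v '^[[:space:]]*"' "$f" | sets_secure; then echo "file:$f"; fi
    done
}

# Succeed if both paths name the same file (same device and inode): the
# vi/nvi comparison from the thread, done by inode rather than by eye.
same_binary() { [ "$1" -ef "$2" ]; }

report() {
    if same_binary /usr/bin/vi /usr/bin/nvi; then
        echo "vi and nvi are the same file"
    else
        echo "vi and nvi differ, or one is missing"
    fi
    hits=$(secure_sources)
    if [ -n "$hits" ]; then
        printf 'secure is set by:\n%s\n' "$hits"
    else
        echo "no startup source sets secure; check aliases and -S"
    fi
}

report
```

An empty result from `secure_sources` leaves the invocation itself (an alias or wrapper passing `-S`) as the remaining place to look, which this script cannot see from a non-interactive shell.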