Date: Tue, 13 Mar 2012 02:28:50 +0000 From: Frank Shute <frank@shute.org.uk> To: Tim Daneliuk <tundra@tundraware.com> Cc: Thomas Dickey <dickey@radix.net>, FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: Editor With NO Shell Access? Message-ID: <20120313022850.GA4080@orange.esperance-linux.co.uk> In-Reply-To: <4F5E5AA9.4050700@tundraware.com> References: <4F5E4C2A.1020005@tundraware.com> <20120312201310.GA25349@saltmine.radix.net> <4F5E5AA9.4050700@tundraware.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--YiEDa0DAkWCtVeE4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 12, 2012 at 03:20:57PM -0500, Tim Daneliuk wrote: > > On 03/12/2012 03:13 PM, Thomas Dickey wrote: > >On Mon, Mar 12, 2012 at 02:19:06PM -0500, Tim Daneliuk wrote: > >>I have a situation where I need to provide people with the ability to e= dit > >>files. However, under no circumstances do I want them to be able to ex= it > >>to the shell. The client in question has strong (and unyielding) Info= Sec > >>requirements in this regard. > >> > >>So ... are there editors without this feature? Can I compile something= =20 > >>like > >>joe or vi to inhibit this feature? > > > >man vi (see "-S") > > >=20 > It turns out you can still work around this if your know the trick. > I am still researching this, but restricted vi appears to be compromised. >=20 >=20 Have you tried restricted vim? $ vim -Z :help restricted Regards, --=20 Frank Contact info: http://www.shute.org.uk/misc/contact.html --YiEDa0DAkWCtVeE4 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iEYEARECAAYFAk9esOAACgkQHduKvUAgeK5WcACgo+hqrvZcufdYSsynk7c9rjLj 77sAnArJGHtD65NSxRwCyeeqOTu4URAq =3A6j -----END PGP SIGNATURE----- --YiEDa0DAkWCtVeE4--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20120313022850.GA4080>