From owner-freebsd-questions@FreeBSD.ORG Tue Mar 13 03:00:35 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id F00711065672 for ; Tue, 13 Mar 2012 03:00:35 +0000 (UTC) (envelope-from frank@esperance-linux.co.uk) Received: from asmtp3.iomartmail.com (asmtp3.iomartmail.com [62.128.201.159]) by mx1.freebsd.org (Postfix) with ESMTP id 3ADA98FC15 for ; Tue, 13 Mar 2012 03:00:16 +0000 (UTC) Received: from asmtp3.iomartmail.com (localhost.localdomain [127.0.0.1]) by asmtp3.iomartmail.com (8.13.8/8.13.8) with ESMTP id q2D2Soof018703; Tue, 13 Mar 2012 02:28:50 GMT Received: from orange.esperance-linux.co.uk (host-92-22-126-218.as13285.net [92.22.126.218]) (authenticated bits=0) by asmtp3.iomartmail.com (8.13.8/8.13.8) with ESMTP id q2D2Socq018692; Tue, 13 Mar 2012 02:28:50 GMT Received: by orange.esperance-linux.co.uk (Postfix, from userid 1001) id 54B3C33C52; Tue, 13 Mar 2012 02:28:50 +0000 (GMT) Date: Tue, 13 Mar 2012 02:28:50 +0000 From: Frank Shute To: Tim Daneliuk Message-ID: <20120313022850.GA4080@orange.esperance-linux.co.uk> References: <4F5E4C2A.1020005@tundraware.com> <20120312201310.GA25349@saltmine.radix.net> <4F5E5AA9.4050700@tundraware.com> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="YiEDa0DAkWCtVeE4" Content-Disposition: inline In-Reply-To: <4F5E5AA9.4050700@tundraware.com> User-Agent: Mutt/1.4.2.3i X-Face: *}~{PHnDTzvXPe'wl_-f%!@+r5; VLhb':*DsX%wEOPg\fDrXWQJf|2\,92"DdS%63t*BHDyQ|OWo@Gfjcd72eaN!4%NE{0]p)ihQ1MyFNtWL X-Operating-System: FreeBSD 8.3-RC1 amd64 X-Organisation: 'shute.org.uk' Cc: Thomas Dickey , FreeBSD Mailing List Subject: Re: Editor With NO Shell Access? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Frank Shute List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Mar 2012 03:00:36 -0000 --YiEDa0DAkWCtVeE4 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Mar 12, 2012 at 03:20:57PM -0500, Tim Daneliuk wrote: > > On 03/12/2012 03:13 PM, Thomas Dickey wrote: > >On Mon, Mar 12, 2012 at 02:19:06PM -0500, Tim Daneliuk wrote: > >>I have a situation where I need to provide people with the ability to e= dit > >>files. However, under no circumstances do I want them to be able to ex= it > >>to the shell. The client in question has strong (and unyielding) Info= Sec > >>requirements in this regard. > >> > >>So ... are there editors without this feature? Can I compile something= =20 > >>like > >>joe or vi to inhibit this feature? > > > >man vi (see "-S") > > >=20 > It turns out you can still work around this if your know the trick. > I am still researching this, but restricted vi appears to be compromised. >=20 >=20 Have you tried restricted vim? $ vim -Z :help restricted Regards, --=20 Frank Contact info: http://www.shute.org.uk/misc/contact.html --YiEDa0DAkWCtVeE4 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (FreeBSD) iEYEARECAAYFAk9esOAACgkQHduKvUAgeK5WcACgo+hqrvZcufdYSsynk7c9rjLj 77sAnArJGHtD65NSxRwCyeeqOTu4URAq =3A6j -----END PGP SIGNATURE----- --YiEDa0DAkWCtVeE4--