From: Derek Ragona
To: "William O. Yates", Frank Shute
Cc: freebsd-questions@freebsd.org
Date: Thu, 22 May 2008 13:27:06 -0500
Subject: Re: vi secure
Message-Id: <6.0.0.22.2.20080522132455.02552288@mail.computinginnovations.com>
In-Reply-To: <1211466380.47050@ns3.tru2life.net>

At 09:26 AM 5/22/2008, William O. Yates wrote:
>On 21/May/2008 19:26 Frank Shute wrote ..
> > On Wed, May 21, 2008 at 01:51:03PM -0700, William O. Yates wrote:
> > >
> > > [sent the below message thru the freebsd-security list with no
> > > answers, hope for more from freebsd-questions]
> > >
> > > Recently started using vi macros.
> >
> > Show us the macro.
> >
> > >
> > > When attempting to use one which accessed the external shell, got
> > > the following message:
> > >
> > > "The ! command is not supported when the secure edit option is set."
> >
> > What does:
> >
> > :set
> >
> > show you?
> >
> > External commands work for me. Sure your vi isn't aliased? When
> > doesn't it work? As root or ordinary user or both?
> >
> > What's your secure level?:
> >
> > $ sysctl -a | grep secure
> >
> > What does:
> >
> > $ whereis vi
> >
> > give you?
> >
> > and:
> >
> > $ uname -a
> >
> > >
> > > When attempting to ":set nosecure" got:
> > >
> > > "set: the secure option may not be turned off."
> > >
> > > When attempting to "set nosecure" in my .exrc file, got:
> > >
> > > set nonumber .exrc, 44: set: the secure option may not be turned off
> > > .exrc, 44: Ex command failed: pending commands discarded
> > >
> > > Looking through all the man pages, vi references, tutorials, and the
> > > the oreilly vi "bible", can't find anything...
> > >
> > > Is "set secure" a compiled in setting?
> >
> > No.
> >
> > >
> > > From FreeBSD vi man page:
> > >
> > > -S Run with the secure edit option set, disallowing all
> > > access to external programs. and secure [off] Turns off all
> > > access to external programs.
> > >
> > > ..william.o.yates...hackware.at.tru2life.net...tru2life.info...
> >
> > --
> >
> > Frank
> >
> >
> > Contact info: http://www.shute.org.uk/misc/contact.html
>..william.o.yates...hackware.at.tru2life.net...tru2life.info...
>
>I usually run as root when updating systems (toor actually)...
>
>But symptoms are same for root and user level in vi,
>FreeBSD-[5.4,6.1,6.2,6.3].
>
>NO nfs mounts, aliases, or any other funny stuff I can think of.
>
>Virgin vi setup from FreeBSD install.
>
>"inside_vi :!" --> (ANY ! command, not just macro)
>The ! command is not supported when the secure edit option is set.
>
>"inside_vi :set all" --> (same as 4 other FreeBSD machines...)
>+=+=+=+=+=+=+=+
>noaltwerase     noextended      matchtime=7     report=5        term="xterm"
>autoindent      filec=""        nomesg          ruler           noterse
>autoprint       flash           nomodeline      scroll=27       notildeop
>noautowrite     nogtagsmode     noprint=""      nosearchincr    timeout
>backup=""       hardtabs=0      nonumber        secure          nottywerase
>nobeautify      noiclower       nooctal         shiftwidth=8    noverbose
>cdpath=":"      ignorecase      open            noshowmatch     warn
>cedit=""        keytime=6       optimize        showmode        window=29
>columns=80      noleftright     path=""         sidescroll=16   nowindowname
>nocomment       lines=30        print=""        noslowopen      wraplen=0
>noedcompatible  nolisp          prompt          nosourceany     wrapmargin=0
>escapetime=6    nolist          noreadonly      tabstop=8       wrapscan
>noerrorbells    lock            noredraw        taglength=0     nowriteany
>noexrc          magic           remap           tags="tags"
>directory="/tmp/"
>msgcat="/usr/share/vi/catalog/"
>paragraphs="IPLPPPQPP LIpplpipbp"
>recdir="/var/tmp/vi.recover"
>sections="NHSHH HUnhsh"
>shell="/bin/sh"
>shellmeta="~{[*?$`'"^V"
>Press any key to continue [: to enter more ex commands]:
>
>"inside_vi :set nosecure" -->
>set: the secure option may not be turned off.
>
>ns1:/usr/local/www/info/docs> uname -a
>FreeBSD ns1.tru2life.net 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12
>10:40:27 UTC
>2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>
>ns1:/usr/local/www/info/docs> sysctl -a | grep secure
>kern.securelevel: -1
>net.inet.tcp.insecure_rst: 0
>
>ns1:/usr/local/www/info/docs> whereis vi
>vi: /usr/bin/vi /usr/share/man/man1/vi.1.gz
>/usr/ports/editors/openoffice.org-2/work/OOE680_m6/helpcontent2/source/auxiliary/vi
>
>toor@lazy:/.../...> uname -a
>FreeBSD lazy.tru2life.net 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8
>10:21:06 UTC
>2005 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>
>toor@lazy:/.../...> sysctl -a | grep secure
>kern.securelevel: -1
>net.inet.tcp.insecure_rst: 0
>
>ns3:/usr/home/master> uname -a
>FreeBSD ns3.tru2life.net 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May 7
>04:32:43 UTC
>2006 root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386
>
>ns3:/home/master> sysctl -a | grep secure
>kern.securelevel: -1
>net.inet.tcp.insecure_rst: 0

What are the mount options for /tmp and /var/tmp? If you start vi on a
mounted filesystem with noexec set, this can cause the problem.

-Derek
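
Added example (not part of the original message): one way to answer the mount-options question above in sh, by finding which filesystem holds vi's directory (/tmp) and recdir (/var/tmp/vi.recover) from the ":set all" listing and whether it is mounted noexec. The mount table is constructed sample data in FreeBSD's mount(8) output format, and the function names are made up for this example.

```shell
#!/bin/sh
# Constructed sample in FreeBSD `mount` output format (not from the thread).
# On a real host pass "$(mount)" as the second argument instead.
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
devfs on /dev (devfs, local)
/dev/ad0s1e on /tmp (ufs, local, noexec, nosuid, soft-updates)
/dev/ad0s1d on /var (ufs, local, soft-updates)'

# mount_opts_for PATH MOUNT_TEXT  (hypothetical helper)
# Print "<mountpoint>: <options>" for the filesystem that holds PATH,
# i.e. the mount point that is the longest path prefix of PATH.
mount_opts_for() {
    printf '%s\n' "$2" | awk -v p="$1" '
        {
            # Line shape: "<device> on <mountpoint> (<opt>, <opt>, ...)"
            i = index($0, " on ")
            if (!i || !match($0, / \([^()]*\)$/)) next
            mp   = substr($0, i + 4, RSTART - (i + 4))
            opts = substr($0, RSTART + 2, RLENGTH - 3)
            # Match on whole path components so /tmpfoo is not under /tmp.
            if (mp == "/" || p == mp || index(p, mp "/") == 1)
                if (length(mp) > length(best)) { best = mp; bestopts = opts }
        }
        END { if (best == "") exit 1; print best ": " bestopts }'
}

# is_noexec PATH MOUNT_TEXT  (hypothetical helper)
# Exit 0 if PATH is on a noexec filesystem, 1 if not, 2 if no mount matched.
is_noexec() {
    opts=$(mount_opts_for "$1" "$2") || return 2
    case ", ${opts#*: }," in
        *", noexec,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# The two locations vi reported: directory="/tmp/" and recdir="/var/tmp/vi.recover"
for d in /tmp /var/tmp/vi.recover; do
    if is_noexec "$d" "$SAMPLE_MOUNTS"; then
        state="noexec"
    else
        state="exec allowed"
    fi
    echo "$d -> $(mount_opts_for "$d" "$SAMPLE_MOUNTS") [$state]"
done
```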