From owner-freebsd-questions@FreeBSD.ORG Mon Mar 12 20:21:06 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 4FA501065673 for ; Mon, 12 Mar 2012 20:21:06 +0000 (UTC) (envelope-from tundra@tundraware.com) Received: from ozzie.tundraware.com (ozzie.tundraware.com [75.145.138.73]) by mx1.freebsd.org (Postfix) with ESMTP id 115748FC12 for ; Mon, 12 Mar 2012 20:21:05 +0000 (UTC) Received: from [192.168.0.2] (viper.tundraware.com [192.168.0.2]) (authenticated bits=0) by ozzie.tundraware.com (8.14.5/8.14.5) with ESMTP id q2CKKvaL039303 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Mon, 12 Mar 2012 15:20:57 -0500 (CDT) (envelope-from tundra@tundraware.com) Message-ID: <4F5E5AA9.4050700@tundraware.com> Date: Mon, 12 Mar 2012 15:20:57 -0500 From: Tim Daneliuk User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2 MIME-Version: 1.0 To: Thomas Dickey References: <4F5E4C2A.1020005@tundraware.com> <20120312201310.GA25349@saltmine.radix.net> In-Reply-To: <20120312201310.GA25349@saltmine.radix.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.2.7 (ozzie.tundraware.com [192.168.0.1]); Mon, 12 Mar 2012 15:20:57 -0500 (CDT) X-TundraWare-MailScanner-Information: Please contact the ISP for more information X-TundraWare-MailScanner-ID: q2CKKvaL039303 X-TundraWare-MailScanner: Found to be clean X-TundraWare-MailScanner-From: tundra@tundraware.com X-Spam-Status: No Cc: FreeBSD Mailing List Subject: Re: Editor With NO Shell Access? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 12 Mar 2012 20:21:06 -0000 On 03/12/2012 03:13 PM, Thomas Dickey wrote: > On Mon, Mar 12, 2012 at 02:19:06PM -0500, Tim Daneliuk wrote: >> I have a situation where I need to provide people with the ability to edit >> files. However, under no circumstances do I want them to be able to exit >> to the shell. The client in question has strong (and unyielding) InfoSec >> requirements in this regard. >> >> So ... are there editors without this feature? Can I compile something like >> joe or vi to inhibit this feature? > > man vi (see "-S") > It turns out you can still work around this if your know the trick. I am still researching this, but restricted vi appears to be compromised. -- ---------------------------------------------------------------------------- Tim Daneliuk tundra@tundraware.com PGP Key: http://www.tundraware.com/PGP/