Date: Thu, 22 May 2008 07:26:20 -0700 (PDT) From: "William O. Yates" <hackware@tru2life.net> To: Frank Shute <frank@shute.org.uk> Cc: freebsd-questions@freebsd.org Subject: Re: vi secure Message-ID: <1211466380.47050@ns3.tru2life.net> In-Reply-To: <20080522022653.GB3334@melon.esperance-linux.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On 21/May/2008 19:26 Frank Shute wrote .. > On Wed, May 21, 2008 at 01:51:03PM -0700, William O. Yates wrote: > > > > [sent the below message thru the freebsd-security list with no > > answers, hope for more from freebsd-questions] > > > > Recently started using vi macros. > > Show us the macro. > > > > > When attempting to use one which accessed the external shell, got > > the following message: > > > > "The ! command is not supported when the secure edit option is set." > > What does: > > :set > > show you? > > External commands work for me. Sure your vi isn't aliased? When > doesn't it work? As root or ordinary user or both? > > What's your secure level?: > > $ sysctl -a | grep secure > > What does: > > $ whereis vi > > give you? > > and: > > $ uname -a > > > > > When attempting to ":set nosecure" got: > > > > "set: the secure option may not be turned off." > > > > When attempting to "set nosecure" in my .exrc file, got: > > > > set nonumber .exrc, 44: set: the secure option may not be turned off > > .exrc, 44: Ex command failed: pending commands discarded > > > > Looking through all the man pages, vi references, tutorials, and the > > the oreilly vi "bible", can't find anything... > > > > Is "set secure" a compiled in setting? > > No. > > > > > >From FreeBSD vi man page: > > > > -S Run with the secure edit option set, disallowing all > > access to external programs. and secure [off] Turns off all > > access to external programs. > > > > ..william.o.yates...hackware.at.tru2life.net...tru2life.info... > > -- > > Frank > > > Contact info: http://www.shute.org.uk/misc/contact.html ..william.o.yates...hackware.at.tru2life.net...tru2life.info... I usually run as root when updating systems (toor actually)... But symptoms are same for root and user level in vi, FreeBSD-[5.4,6.1,6.2,6.3]. NO nfs mounts, aliases, or any other funny stuff I can think of. Virgin vi setup from FreeBSD install. "inside_vi :!" --> (ANY ! command, not just macro) The ! command is not supported when the secure edit option is set. "inside_vi :set all" --> (same as 4 other FreeBSD machines...) +=+=+=+=+=+=+=+ noaltwerase noextended matchtime=7 report=5 term="xterm" autoindent filec="" nomesg ruler noterse autoprint flash nomodeline scroll=27 notildeop noautowrite nogtagsmode noprint="" nosearchincr timeout backup="" hardtabs=0 nonumber secure nottywerase nobeautify noiclower nooctal shiftwidth=8 noverbose cdpath=":" ignorecase open noshowmatch warn cedit="" keytime=6 optimize showmode window=29 columns=80 noleftright path="" sidescroll=16 nowindowname nocomment lines=30 print="" noslowopen wraplen=0 noedcompatible nolisp prompt nosourceany wrapmargin=0 escapetime=6 nolist noreadonly tabstop=8 wrapscan noerrorbells lock noredraw taglength=0 nowriteany noexrc magic remap tags="tags" directory="/tmp/" msgcat="/usr/share/vi/catalog/" paragraphs="IPLPPPQPP LIpplpipbp" recdir="/var/tmp/vi.recover" sections="NHSHH HUnhsh" shell="/bin/sh" shellmeta="~{[*?$`'"^V" Press any key to continue [: to enter more ex commands]: "inside_vi :set nosecure" --> set: the secure option may not be turned off. ns1:/usr/local/www/info/docs> uname -a FreeBSD ns1.tru2life.net 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 root@dessler.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 ns1:/usr/local/www/info/docs> sysctl -a | grep secure kern.securelevel: -1 net.inet.tcp.insecure_rst: 0 ns1:/usr/local/www/info/docs> whereis vi vi: /usr/bin/vi /usr/share/man/man1/vi.1.gz /usr/ports/editors/openoffice.org-2/work/OOE680_m6/helpcontent2/source/auxiliary/vi toor@lazy:/.../...> uname -a FreeBSD lazy.tru2life.net 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8 10:21:06 UTC 2005 root@harlow.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 toor@lazy:/.../...> sysctl -a | grep secure kern.securelevel: -1 net.inet.tcp.insecure_rst: 0 ns3:/usr/home/master> uname -a FreeBSD ns3.tru2life.net 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May 7 04:32:43 UTC 2006 root@opus.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC i386 ns3:/home/master> sysctl -a | grep secure kern.securelevel: -1 net.inet.tcp.insecure_rst: 0
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1211466380.47050>