Operating System - HP-UX

/usr/bin/pg - without shell access

 
Fred Martin_1
Valued Contributor

/usr/bin/pg - without shell access

HP-UX 10.20...I run a database application which makes use of the /usr/bin/pg command, to display text files. Some of the unix-savvy users may discover that they can use ! to drop out of the software and get unix access.

Is there a way to disable this in /usr/bin/pg, or is there a supported replacement?
fmartin@applicatorssales.com
A. Clay Stephenson
Acclaimed Contributor
Solution

Re: /usr/bin/pg - without shell access

Hi Fred,

HP-UX 11.x's version of pg has the -r option which removes the shell escape. You could then just make a wrapper and you are done. Unfortunately, not available in 10.20.

Regards, Clay
If it ain't broke, I can fix that.
James R. Ferguson
Acclaimed Contributor

Re: /usr/bin/pg - without shell access

Hi Fred:

One way around this is to make the application the default shell in /etc/passwd. Then, if the user is doing 'pg' (or 'more', etc.) and they attempt to "shell-out", they will simply spawn another instance of the application.

...JRF...
A. Clay Stephenson
Acclaimed Contributor

Re: /usr/bin/pg - without shell access

Hi again Fred,

I put my thinking cap on and I have another idea. You could replace /usr/bin/pg with the less command (binary) available from:
http://gatekeep.cs.utah.edu/hppd/hpux/Gnu/less-358/
If you then set an environment var LESSSECURE=1
(in /etc/profile) the shell escape is removed.

Actually less is quite handy in that your users could then move bidirectionally within the text file.


Food for thought,
Clay
If it ain't broke, I can fix that.
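
A wrapper of the kind the replies describe, as an added example that is not part of the original posts: installed in place of pg, it forces LESSSECURE=1 on every invocation instead of relying on /etc/profile, and clears variables that influence what less loads or runs. The less path, the PAGER_BIN override and the premise that the application passes only file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): install as "pg" so the application's
# pager call lands in less with shell escapes disabled.
# Assumptions: less lives at /usr/local/bin/less; PAGER_BIN is a hypothetical
# override for testing; the application passes file names only, never options.

PAGER_BIN=${PAGER_BIN:-/usr/local/bin/less}

secure_pager() {
    for f in "$@"; do
        case $f in
            # Refuse options so a caller cannot hand less a -k or -o argument.
            -*) echo "pg: options not permitted: $f" >&2; return 2 ;;
        esac
        if [ ! -f "$f" ] || [ ! -r "$f" ]; then
            echo "pg: cannot read: $f" >&2
            return 1
        fi
    done
    (
        # Drop user-controlled variables that change what less runs or loads.
        unset LESS LESSOPEN LESSCLOSE LESSKEY LESSEDIT EDITOR VISUAL
        # Force secure mode here rather than trusting the inherited environment.
        LESSSECURE=1
        export LESSSECURE
        exec "$PAGER_BIN" -- "$@"
    )
}

# Only page when invoked under the name pg; otherwise just define the function.
case ${0##*/} in
    pg) secure_pager "$@"; exit $? ;;
esac
```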