Operating System - HP-UX

Truly read-only viewer like more or vi?

 
A. Daniel King_1
Super Advisor

Re: Truly read-only viewer like more or vi?

Martin,

I'm not a big fan of the default restricted shells - there are simply too many holes. There was once a project called osh ... ah, but it is long dead - and had holes, still.

Steven,

I like the idea of using lynx ... but this is a vast program, and may have undesirable options. I will investigate as I have time.
Command-Line Junkie
George Abraham_1
Regular Advisor

Re: Truly read-only viewer like more or vi?

Hi Danny

Lynx is an ocean... if you are not familiar with it you might end up having more trouble...

You can get more or less the same functions using basic Unix commands.

regards
george
keep smiling
Keith Buck
Respected Contributor

Re: Truly read-only viewer like more or vi?

Daniel,

Two more notes:

1. In the example:

#!/usr/bin/ksh
cat $1 | SHELL="/dev/null" /usr/bin/more

You should be sure to use the full path name to /usr/bin/cat so that the script doesn't use $PATH to find it.

2. You should _never_ make a shell script SUID. Sorry for not making that clearer before. There are known problems in many versions of Unix (I don't know exactly which ones) with the handling of suid scripts. The program suidperl (sperl) is meant to address these issues, or you can make a simple compiled program with the same logic.

Still, there are no guarantees that any program you write will not have holes, no matter how short the program is. The programs you mention that have "way too many holes" were written by knowledgeable security people, but still they have holes. That's why it's best to use existing OS features whenever possible (such as permissions) to enforce your policies.
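
The two notes in the post above (full path names instead of $PATH, and a compiled program instead of an SUID script) can be combined in a small C wrapper. This is an added example, not code from the thread: the names open_regular_ro, build_env and roview, the regular-file check and the TERM filter are assumptions of this example, while /usr/bin/more and SHELL=/dev/null come from the quoted script.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>
#define PAGER "/usr/bin/more"   /* full path, never looked up via $PATH */
#define TERM_OK "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_.+"

/* Open path read-only and accept regular files only; returns fd or -1. */
int open_regular_ro(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NONBLOCK);   /* O_NONBLOCK: do not hang on a FIFO */
    if (fd >= 0 && (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode))) {
        close(fd);
        fd = -1;
    }
    return fd;
}

/* Fixed environment for the pager; only a filtered TERM comes from the caller. */
void build_env(const char *term, char *termbuf, size_t n, char *envp[4])
{
    if (term == NULL || *term == '\0' || strlen(term) > 32 ||
        term[strspn(term, TERM_OK)] != '\0')
        term = "dumb";
    snprintf(termbuf, n, "TERM=%s", term);
    envp[0] = "PATH=/usr/bin";
    envp[1] = "SHELL=/dev/null";   /* same setting as the script */
    envp[2] = termbuf;
    envp[3] = NULL;
}

int main(int argc, char *argv[])
{
    char termbuf[48], *envp[4], *args[] = { "more", NULL };
    int fd = (argc == 2) ? open_regular_ro(argv[1]) : -1;
    if (fd < 0 || dup2(fd, STDIN_FILENO) < 0) {
        fprintf(stderr, "usage: roview regular-file\n");
        return 1;
    }
    if (fd != STDIN_FILENO) close(fd);
    build_env(getenv("TERM"), termbuf, sizeof termbuf, envp);
    execve(PAGER, args, envp);     /* file arrives on stdin; more gets no file name */
    perror(PAGER);
    return 127;
}
```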