Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!bellcore!decvax!genrad!panda!talcott!harvard!godot!ima!haddock!mikeh
From: mikeh@haddock.UUCP
Newsgroups: net.unix-wizards
Subject: Re: disallowing subshell in More
Message-ID: <346@haddock.UUCP>
Date: Mon, 11-Feb-85 00:37:38 EST
Article-I.D.: haddock.346
Posted: Mon Feb 11 00:37:38 1985
Date-Received: Wed, 13-Feb-85 02:49:24 EST
Lines: 10
Nf-ID: #R:men1:-36200:haddock:16800038:000:443
Nf-From: haddock!mikeh    Feb 10 12:29:00 1985

Hi there,
	Just a thought, more(1) uses the enviornment variable $SHELL to 
	determine what shell to invoke.  The root id caller of more sets 
	SHELL to an innocuous program the hole vanishes.  I would 
	overimplement and have the $SHELL program setuid and setgid to 
	the user and then exec the users faviorite shell, but setting 
	$SHELL to /bin/true would probably work.  Not, what holes are in 
	my scheme?  
								mike &
								Herbie