Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!watmath!clyde!burl!ulysses!allegra!bellcore!decvax!genrad!panda!talcott!harvard!godot!ima!haddock!mikeh From: mikeh@haddock.UUCP Newsgroups: net.unix-wizards Subject: Re: disallowing subshell in More Message-ID: <346@haddock.UUCP> Date: Mon, 11-Feb-85 00:37:38 EST Article-I.D.: haddock.346 Posted: Mon Feb 11 00:37:38 1985 Date-Received: Wed, 13-Feb-85 02:49:24 EST Lines: 10 Nf-ID: #R:men1:-36200:haddock:16800038:000:443 Nf-From: haddock!mikeh Feb 10 12:29:00 1985 Hi there, Just a thought, more(1) uses the enviornment variable $SHELL to determine what shell to invoke. The root id caller of more sets SHELL to an innocuous program the hole vanishes. I would overimplement and have the $SHELL program setuid and setgid to the user and then exec the users faviorite shell, but setting $SHELL to /bin/true would probably work. Not, what holes are in my scheme? mike & Herbie