Xref: feenix.metronet.com comp.unix.questions:10239 comp.unix.admin:5249 comp.unix.shell:3972
Newsgroups: comp.unix.questions,comp.unix.admin,comp.unix.shell
Path: feenix.metronet.com!news.utdallas.edu!wupost!howland.reston.ans.net!agate!boulder!wraeththu.cs.colorado.edu!tchrist
From: Tom Christiansen <tchrist@cs.Colorado.EDU>
Subject: Re: rvi - restricted vi??
Message-ID: <1993Sep1.155512.17193@colorado.edu>
Originator: tchrist@wraeththu.cs.colorado.edu
Sender: news@colorado.edu (The Daily Planet)
Nntp-Posting-Host: wraeththu.cs.colorado.edu
Reply-To: tchrist@cs.colorado.edu (Tom Christiansen)
Organization: University of Colorado, Boulder
References: <1993Aug31.235345.24156@convex.com>
Date: Wed, 1 Sep 1993 15:55:12 GMT
Lines: 120

From the keyboard of cwang@convex.com (Cindy Wang):
:I know someone who is setting up restricted shell.  He'd like
:to have vi in /usr/rbin but couldn't because of the :!shell feature 
:in vi.  Is there a rvi -- restricted vi somewhere?

I've used this, which is a wrapper around any editor.  

--tom

#!/usr/bin/perl
#
# seced  -- secure editor wrapper
# Tom Christiansen <tchrist@cs.colorado.edu>
# based on an idea by Ray Davis <rdavis@convex.com>
#
# install suid root or with a suid wrapper

%ok = ( '/usr/ucb/vi',		1,
	'/usr/ucb/ex',		1,
	'/bin/ed',		1,
	'/usr/local/bin/emacs',	1,
      );

$tmpdir = "/tmp/seced.$$";

die "$0: Not superuser\n" if $>;
die "usage: $0 file ...\n" if $#ARGV < 0;

chop($cwd = `pwd`);

mkdir($tmpdir,0700) || die "can't mkdir $tmpdir: $!";
chdir($tmpdir) 	    || die "can't chdir $tmpdir: $!";
mkdir('tmp',  0777) || die "can't mkdir $tmpdir/tmp: $!";

&cp_editor;
&cp_files;

if ($kid = fork) {
    die "cannot fork: $!" 	if $kid == -1;
    $pid = wait until $pid == $kid || $pid == -1;
    die "wait: no kids" 	if $pid == -1;
    warn "$0: edit failed with status " . ($? >> 8) . "\n"
	if $?;
} else { 
    chroot($tmpdir) || die "can't chroot $tmpdir: $!";
    exec($editor, @ARGV);
    # NOT REACHED
} 

&replace_files unless $?;

chdir('/') 	   || die "absurd failure to chdir to /: $!";

exec('/bin/rm', '-rf', $tmpdir);

# NOT REACHED

sub cp_editor {
    $editor =  $ENV{'SECED'} 
	    || $ENV{'VISUAL'} 
	    || $ENV{'EDITOR'} 
	    || '/usr/ucb/vi';

    die "$0: need full path for \$EDITOR: $editor\n" 
	unless $editor =~ m#^/#;

    die "$0: illegal \$EDITOR: $editor\n" 
	unless defined $ok{$editor};

    system('/bin/cp', $editor, '.') 
	&& die "$0: couldn't cp editor\n";

    if ($editor eq '/usr/ucb/vi' || $editor eq '/usr/ucb/ex') {
	$home = $ENV{'HOME'} || '/';
	$startup = "$home/.exrc";
	if (-e $startup && -O _) {
	    system('/bin/cp', $startup, '.') 
		&& die "$0: couldn't cp $startup\n";
	    chown($<, -1, '.exrc');
	} 
    } 

    $editor =~ s#.*(/[^/]+)$#.$1#;
} 

sub cp_files {
    @files = grep(/^[^-]/, @ARGV);
    grep(s#^[^/]#$cwd/$&#, @files);

    die "no files to edit" if $#files < 0;

    system('/bin/cp', @files, '.') 
	&& die "couldn't cp files";

    chown($<, -1, <*>)
	|| die "couldn't chown files to uid $<";

    for (@files) { 
	($local = $_) =~ s#.*/##;
	unless (-T) {
	    warn "$0: WARNING: $_ not a text file\n";
	    sleep(1);
	}
	$mtime{$_} = (stat($local))[9];
    }
} 

sub replace_files {
    for (@files) {
	($local = $_) =~ s#.*/##;
	if ((stat($local))[9] == $mtime{$_}) {
	    warn "$0: $_ unmodified\n";
	    next;
	} 
	system('/bin/cp', $local, $_)
	    && die "$0: can't cp $local $_\n";
    } 
} 
-- 
    Tom Christiansen      tchrist@cs.colorado.edu       303-444-3212