Re: vi secure

Thu, 22 May 2008 11:27:56 -0700 

At 09:26 AM 5/22/2008, William O. Yates wrote:

On 21/May/2008 19:26 Frank Shute wrote ..
> On Wed, May 21, 2008 at 01:51:03PM -0700, William O. Yates wrote:
> >
> > [sent the below message thru the freebsd-security list with no
> > answers, hope for more from freebsd-questions]
> >
> > Recently started using vi macros.
>
> Show us the macro.
>
> >
> > When attempting to use one which accessed the external shell, got
> > the following message:
> >
> > "The ! command is not supported when the secure edit option is set."
>
> What does:
>
> :set
>
> show you?
>
> External commands work for me. Sure your vi isn't aliased? When
> doesn't it work? As root or ordinary user or both?
>
> What's your secure level?:
>
> $ sysctl -a | grep secure
>
> What does:
>
> $ whereis vi
>
> give you?
>
> and:
>
> $ uname -a
>
> >
> > When attempting to ":set nosecure" got:
> >
> > "set: the secure option may not be turned off."
> >
> > When attempting to "set nosecure" in my .exrc file, got:
> >
> > set nonumber .exrc, 44: set: the secure option may not be turned off
> > .exrc, 44: Ex command failed: pending commands discarded
> >
> > Looking through all the man pages, vi references, tutorials, and the
> > the oreilly vi "bible", can't find anything...
> >
> > Is "set secure" a compiled in setting?
>
> No.
>
> >
> > >From FreeBSD vi man page:
> >
> >        -S     Run  with  the secure edit option set, disallowing all
> >        access to external programs.  and secure [off] Turns off all
> >        access to external programs.
> >
> > ..william.o.yates...hackware.at.tru2life.net...tru2life.info...
>
> --
>
>  Frank
>
>
>  Contact info: http://www.shute.org.uk/misc/contact.html
..william.o.yates...hackware.at.tru2life.net...tru2life.info...

I usually run as root when updating systems (toor actually)...
But symptoms are same for root and user level in vi, FreeBSD-[5.4,6.1,6.2,6.3]. 

NO nfs mounts, aliases, or any other funny stuff I can think of.

Virgin vi setup from FreeBSD install.

"inside_vi :!" --> (ANY ! command, not just macro)
The ! command is not supported when the secure edit option is set.

"inside_vi :set all" --> (same as 4 other FreeBSD machines...)
+=+=+=+=+=+=+=+
noaltwerase     noextended      matchtime=7     report=5        term="xterm"
autoindent      filec=""        nomesg          ruler           noterse
autoprint       flash           nomodeline      scroll=27       notildeop
noautowrite     nogtagsmode     noprint=""      nosearchincr    timeout
backup=""       hardtabs=0      nonumber        secure          nottywerase
nobeautify      noiclower       nooctal         shiftwidth=8    noverbose
cdpath=":"      ignorecase      open            noshowmatch     warn
cedit=""        keytime=6       optimize        showmode        window=29
columns=80      noleftright     path=""         sidescroll=16   nowindowname
nocomment       lines=30        print=""        noslowopen      wraplen=0
noedcompatible  nolisp          prompt          nosourceany     wrapmargin=0
escapetime=6    nolist          noreadonly      tabstop=8       wrapscan
noerrorbells    lock            noredraw        taglength=0     nowriteany
noexrc          magic           remap           tags="tags"
directory="/tmp/"
msgcat="/usr/share/vi/catalog/"
paragraphs="IPLPPPQPP LIpplpipbp"
recdir="/var/tmp/vi.recover"
sections="NHSHH HUnhsh"
shell="/bin/sh"
shellmeta="~{[*?$`'"^V"
Press any key to continue [: to enter more ex commands]:

"inside_vi :set nosecure" -->
set: the secure option may not be turned off.

ns1:/usr/local/www/info/docs> uname -a
FreeBSD ns1.tru2life.net 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Fri Jan 12 10:40:27 UTC 2007 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 

ns1:/usr/local/www/info/docs> sysctl -a | grep secure
kern.securelevel: -1
net.inet.tcp.insecure_rst: 0

ns1:/usr/local/www/info/docs> whereis vi
vi: /usr/bin/vi /usr/share/man/man1/vi.1.gz /usr/ports/editors/openoffice.org-2/work/OOE680_m6/helpcontent2/source/auxiliary/vi 

[EMAIL PROTECTED]:/.../...> uname -a
FreeBSD lazy.tru2life.net 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Sun May 8 10:21:06 UTC 2005 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 

[EMAIL PROTECTED]:/.../...> sysctl -a | grep secure
kern.securelevel: -1
net.inet.tcp.insecure_rst: 0

ns3:/usr/home/master> uname -a
FreeBSD ns3.tru2life.net 6.1-RELEASE FreeBSD 6.1-RELEASE #0: Sun May 7 04:32:43 UTC 2006 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/GENERIC i386 

ns3:/home/master> sysctl -a | grep secure
kern.securelevel: -1
net.inet.tcp.insecure_rst: 0



What are the mount options for /tmp and /var/tmp?
If you start vi on a mounted filesystem with noexec set this can cause the problem. 

        -Derek

--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to