tuxpower/shell_escape.md

Last active September 18, 2018 08:43

Star () You must be signed in to star a gist
Fork () You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/tuxpower/9316c66fc9f2f6ec45fbb2973a58fd7b.js"></script>
Save tuxpower/9316c66fc9f2f6ec45fbb2973a58fd7b to your computer and use it in GitHub Desktop.

Raw

Preventing users from using shell escapes

Certain programs, especially text editors and pagers, have a handy shell escape feature. This allows a user to run a shell command without having to exit the program first. For example, from the command mode of the Vi and Vim editors, someone could run the ls command by doing :!ls.

You can fix this problem by having sudoedit instead of vim:

<USERNAME>     ALL=(ALL)     sudoedit /etc/ssh/sshd_config

sudoedit has no shell escape feature, so you can safely allow someone to use it.

Other programs that have a shell escape feature include the following:

emacs
less
view
more

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment