Posted on 03-23-2017 05:45 AM
I want to stop standard users from being able to carry out a shell escape from vi, which gives them a root shell to do as they please. Please see the example below:
computer: user$ whoami
user
computer: user$ sudo vi
Password:
(In VIM Editor, call ':bash')
sh-3.2# whoami
root
sh-3.2#
Best way to do this?
Posted on 03-23-2017 05:57 AM
If they have access to sudo, they're going to be able to access a root shell with or without vi. All they need to do is run sudo -s and now they're in a root shell.
If you want to prevent folks from running things with root privileges, you need to remove their sudo rights.
Posted on 03-24-2017 01:28 AM
Currently our users do not have the ability to run a large percentage of programs with sudo except for vi and a couple of others.
computername: user$ sudo -s
Password:
Sorry, <username> is not allowed to execute '/bin/bash' as root on <computername>
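
Added example, not part of any post in this thread: a small audit script for the situation described above, where sudoers blocks shells directly but still allows an editor that can start one. It flags rules that grant such a program without the sudoers NOEXEC tag and accepts sudoedit entries, which run the editor as the invoking user. The user names, file paths, the ESCAPE_CAPABLE list and the sample sudoers text are constructed for illustration.

```python
import re

# Assumed list of programs that can start a shell from inside; extend as needed.
ESCAPE_CAPABLE = {"vi", "vim", "view", "nano", "emacs", "less", "more", "man"}

# Constructed sample sudoers content (not taken from the thread).
SAMPLE_SUDOERS = """\
# weak: vi runs as root and can spawn a root shell
alice ALL=(root) /usr/bin/vi
# hardened: NOEXEC stops vi from executing other programs
bob ALL=(root) NOEXEC: /usr/bin/vi /etc/hosts
# hardened: sudoedit runs the editor as the invoking user
carol ALL=(root) sudoedit /etc/hosts
dave ALL=(root) /usr/bin/less /var/log/system.log, NOEXEC: /usr/bin/vim
%staff ALL=(ALL) EXEC: /usr/bin/nano
"""

# who  hosts = (runas) command-list
RULE = re.compile(r"^(?P<who>\S+)\s+[^\s=]+\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")
TAG = re.compile(r"^([A-Z_]+):\s*")  # NOEXEC:, EXEC:, NOPASSWD:, ...


def find_escape_risks(sudoers_text):
    """Return (line_no, who, command) for escape-capable commands without NOEXEC.

    Simplified parser: ignores aliases, Defaults, includes and line continuations.
    """
    findings = []
    for line_no, raw in enumerate(sudoers_text.splitlines(), 1):
        m = RULE.match(raw.split("#", 1)[0].strip())
        if not m or m.group("who").startswith("Defaults") or m.group("who").endswith("_Alias"):
            continue
        noexec = False  # a tag stays in effect for later commands in the list
        for cmd in m.group("cmds").split(","):
            cmd = cmd.strip()
            while (tag := TAG.match(cmd)):
                if tag.group(1) in ("NOEXEC", "EXEC"):
                    noexec = tag.group(1) == "NOEXEC"
                cmd = cmd[tag.end():]
            if not cmd:
                continue
            binary = cmd.split()[0]
            if binary.rsplit("/", 1)[-1] in ESCAPE_CAPABLE and not noexec:
                findings.append((line_no, m.group("who"), binary))
    return findings


if __name__ == "__main__":
    for line_no, who, binary in find_escape_risks(SAMPLE_SUDOERS):
        print(f"line {line_no}: {who} can run {binary} as root without NOEXEC")
```

NOEXEC only constrains dynamically linked programs, so sudoedit is the more robust choice when users just need to edit specific files.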