Skip to main content
Question

How to disable running commands from vi?


Forum|alt.badge.img+3

I want to stop standard users from being able to carry out a shell escape from vi, which gives them a root shell to do as they please. Please see the example below:

computer: user$ whoami
user
computer: user$ sudo vi
Password: (In VIM Editor, call ':bash')
sh-3.2# whoami
root
sh-3.2#

Best way to do this?

2 replies

Forum|alt.badge.img+31

If they have access to sudo, they're going to be able to access a root shell with or without vi. All they need to do is run sudo -s and now they're in a root shell.

If you want to prevent folks from running things with root privileges, you need to remove their sudo rights.


Forum|alt.badge.img+3
  • Author
  • New Contributor
  • 6 replies
  • March 24, 2017

Currently our users do not have the ability to run a large percentage of progams with sudo except for vi and a couple of others.

computername: user$ sudo -s
Password: Sorry, <username> is not allowed to execute '/bin/bash' as root on <computername>


Reply


Cookie policy

We use cookies to enhance and personalize your experience. If you accept you agree to our full cookie policy. Learn more about our cookies.

 
Cookie settings