more: Add MORESECURE and PAGERSECURE environment variables #3503

Add MORESECURE and PAGERSECURE environment variables to run 'more' in secure mode,
which will effectively disable the _!_ and _v_ commands. This helps to prevent
unprivileged users from running arbitrary shell commands or file manipulations.

Addresses: #3503
Signed-off-by: Christian Goeschel Ndjomouo <cgoesc2@wgu.edu>

diff --git a/text-utils/more.1.adoc b/text-utils/more.1.adoc
index b2f68427d25a0c94c70a7ddf59a6ed8a78414aab..aad95e0087069282b2fd97546c41782d356a170f 100644 (file)
--- a/text-utils/more.1.adoc
+++ b/text-utils/more.1.adoc
@@ -161,6 +161,16 @@ Display current file name and line number.
 *.*::
 Repeat previous command.
 
+== SECURITY
+
+When either MORESECURE or PAGERSECURE is set, *more* will run in "secure" mode and effectively disable the following commands:
+
+*!command* or *:!command*::
+Execute _command_ in a subshell.
+
+*v*::
+Start up an editor.
+
 == ENVIRONMENT
 
 The *more* command respects the following environment variables, if they exist:
@@ -183,6 +193,12 @@ The editor of choice when *VISUAL* is not specified.
 *POSIXLY_CORRECT*::
 Disable exit-on-eof (see option *-e* for more details).
 
+*MORESECURE*::
+Run *more* in "secure" mode. See SECURITY for details.
+
+*PAGERSECURE*::
+Equivalent to MORESECURE. 
+
 == HISTORY
 
 The *more* command appeared in 3.0BSD. This man page documents *more* version 5.19 (Berkeley 6/29/88), which is currently in use in the Linux community. Documentation was produced using several other versions of the man page, and extensive inspection of the source code.
@@ -195,6 +211,8 @@ Modified by Geoff Peck, UCB to add underlining, single spacing.
 
 Modified by John Foderaro, UCB to add -c and MORE environment variable.
 
+Modified by Christian Goeschel Ndjomouo to add MORESECURE and PAGERSECURE environment variables, and a SECURITY section
+
 == SEE ALSO
 
 *less*(1),

diff --git a/text-utils/more.c b/text-utils/more.c
index 92b257046b03b260df141a74100630650d60188f..54c567224797a5c2745b31d72aef9d74c55fdc81 100644 (file)
--- a/text-utils/more.c
+++ b/text-utils/more.c
@@ -41,6 +41,8 @@
  *     present curses can still be used.
  * 2010-10-21 Davidlohr Bueso <dave@gnu.org>
  *     modified mem allocation handling for util-linux
+ * 2025-04-03 Christian Goeschel Ndjomouo <cgoesc2@wgu.edu>
+ *     modified to add MORESECURE and PAGERSECURE environment variables
  */
 
 #include <stdio.h>
@@ -218,6 +220,7 @@ struct more_control {
                leading_colon,          /* key command has leading ':' character */
                is_eof,                 /* EOF detected */
                is_paused,              /* is output paused */
+               is_secure,              /* is running in secure mode */
                no_quit_dialog,         /* suppress quit dialog */
                no_scroll,              /* do not scroll, clear the screen and then display text */
                no_tty_in,              /* is input in interactive mode */
@@ -1801,8 +1804,13 @@ static int more_key_command(struct more_control *ctl, char *filename)
                        done = 1;
                        break;
                case more_kc_run_shell:
-                       run_shell(ctl, filename);
-                       break;
+                       if (ctl->is_secure == 1) {
+                               more_error(ctl, _("Command not available in secure mode"));
+                               break;
+                       } else {
+                               run_shell(ctl, filename);
+                               break;
+                       }
                case more_kc_help:
                        if (ctl->no_scroll)
                                more_clear_screen(ctl);
@@ -1833,7 +1841,11 @@ static int more_key_command(struct more_control *ctl, char *filename)
                        done = 1;
                        break;
                case more_kc_run_editor:        /* This case should go right before default */
-                       if (!ctl->no_tty_in) {
+                       if (ctl->is_secure == 1) {
+                               more_error(ctl, _("Command not available in secure mode"));
+                               break;
+                       }
+                       if (!ctl->no_tty_in) {
                                execute_editor(ctl, cmdbuf, sizeof(cmdbuf), filename);
                                break;
                        }
@@ -2105,6 +2117,9 @@ int main(int argc, char **argv)
 
        ctl.exit_on_eof = getenv("POSIXLY_CORRECT") ? 0 : 1;
 
+       if (getenv("MORESECURE") || getenv("PAGERSECURE"))
+               ctl.is_secure = 1;
+
        if ((s = getenv("MORE")) != NULL)
                env_argscan(&ctl, s);