3

I want to write an interactive program like the 'less' command for Linux. The reason I can't use less in my setup is that you can execute shell commands within the less prompt ('!cmd'), which can be a major security risk for any production box.

My preferred language is C, however, if anyone can suggest any other similar program that will be great too, owing to the time I have in my hand.

I know one option will be to browse through the less source code, but it looks like that is not very straightforward either in a short time.

fedorqui
chandank
  • 2
    You should approach the security problem more in depth - the command should be run inside an unprivileged shell (maybe even a chroot), so even if an attacker gains access to a shell it won't have security implications. – Matteo Italia Apr 02 '14 at 14:59
  • 1
    Wouldn't a better title for this question be *Making `less` more secure?* As is it's an X-Y problem. – kojiro Apr 02 '14 at 15:37
  • 1
    Even if you could write this program, if you can log into the system and run it, then you could run other shell commands as well, so I fail to see how preventing a pager program from running other commands makes your system any more secure... – twalberg Apr 02 '14 at 16:25
  • @kojiro That might be a better title for the accepted answer, but the question desires something other than less; so, the question would have to be edited in addition to the title, were it to be changed, in order for it to make much sense to people reading it. – Brōtsyorfuzthrāx Oct 27 '22 at 22:24

2 Answers

11

Amazing, I got the answer in the man page of less itself. You can disable this stuff using one of the variables.

SECURITY

When the environment variable LESSSECURE is set to 1, less runs in a "secure" mode. This means these features are disabled:

          !      the shell command
          |      the pipe command
          :e     the examine command.
          v      the editing command
          s  -o  log files
          -k     use of lesskey files
          -t     use of tags files
                 metacharacters in filenames, such as *
                 filename completion (TAB, ^L)

   Less can also be compiled to be permanently in "secure" mode.
chandank
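One way to make the LESSSECURE setting stick on a shared box, as an added example that is not part of the original answer or of less itself: a small C wrapper that starts less with an allowlisted environment instead of the caller's. The path `/usr/bin/less`, the fixed `PATH` value, the "dumb" fallback and the function name `build_secure_env` are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define LESS_PATH "/usr/bin/less" /* assumed install path; adjust per system */

/* Fill envp with the only variables less will see. Nothing is inherited,
 * so the caller cannot unset LESSSECURE or pass settings via the environment.
 * Returns the entry count (NULL terminator excluded), or -1 on bad input. */
int build_secure_env(const char *term, char *termbuf, size_t termbuf_len,
                     const char **envp, size_t envp_cap)
{
    static const char ok[] = "abcdefghijklmnopqrstuvwxyz"
                             "ABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789._+-";
    if (envp_cap < 4)
        return -1;
    if (term == NULL || *term == '\0')
        term = "dumb";                      /* fallback terminal type */
    if (strspn(term, ok) != strlen(term))   /* allowlist TERM characters */
        return -1;
    int n = snprintf(termbuf, termbuf_len, "TERM=%s", term);
    if (n < 0 || (size_t)n >= termbuf_len)  /* truncated: refuse */
        return -1;
    envp[0] = "LESSSECURE=1";               /* the switch from the man page */
    envp[1] = "PATH=/usr/bin:/bin";         /* fixed PATH, an assumption */
    envp[2] = termbuf;
    envp[3] = NULL;
    return 3;
}

int main(int argc, char **argv)
{
    const char *envp[4];
    char termbuf[80];
    if (argc != 2) {
        fprintf(stderr, "usage: %s FILE\n", argv[0]);
        return 2;
    }
    if (build_secure_env(getenv("TERM"), termbuf, sizeof termbuf, envp, 4) < 0) {
        fprintf(stderr, "unusable TERM value\n");
        return 2;
    }
    /* "--" ends option parsing, so FILE is never read as a less option. */
    char *const less_argv[] = { "less", "--", argv[1], NULL };
    execve(LESS_PATH, less_argv, (char *const *)envp);
    perror("execve");                       /* reached only if exec failed */
    return 126;
}
```

The wrapper only helps where users can run it but cannot invoke less directly with their own environment, for example when it is the single command a restricted account is allowed to run.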
-2

'less' / 'more' are processes or programs by themselves. You read the o/p of the other command which you run (probably you will be redirecting with a pipe | ), and parse through it like a file and print every 10 lines.

This can be simply done with Python or with C, but the logic should be the same.

  • I clearly said that I want either the name of an alternative program which has the same feature or the program itself. – chandank Apr 02 '14 at 15:25
  • I also read that you wanted to write a program (preferably in c) and it will be great if you would know the program name if it exists. – Subramanian K Apr 02 '14 at 15:56
  • @chandank no you didn't, I read your question several times, and it clearly says you want to write a program by yourself. Nowhere did I read that you want the program itself – Risinek Nov 15 '20 at 09:52