From: utzoo!decvax!cca!fred.umcp-cs@Udel-Relay@sri-unix Newsgroups: net.unix-wizards Title: True login names Article-I.D.: sri-unix.3254 Posted: Mon Sep 13 14:56:17 1982 Received: Tue Sep 14 05:19:23 1982 From: Fred BlonderDate: 9 Sep 82 18:54:58-EDT (Thu) Here's what we did to fix the logging-in-as-someone-else-from-a-subshell loophole in 4.1BSD: In login.c 84a85,90 > > /* Check to see if we are the immediate child process of init */ > if (getppid() > 1) { > printf("This doesn't work anymore bandy.\n"); > exit(1); > } This modification to login allows it to run only if it has been exec-ed by getty, or by a login shell. The getppid (get parent process-id) system call (actually just a variant of getpid) is totally undocumented. I discovered it on 4.1BSD while I was tring to write the same thing as a subroutine. I have no idea as to which (if any) other Unices have it.