Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/3/84; site sesame.UUCP Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!genrad!panda!talcott!sesame!rick From: rick@sesame.UUCP (Rick Richardson) Newsgroups: net.bugs.usg Subject: Re: bug in /bin/login Message-ID: <155@sesame.UUCP> Date: Sun, 3-Mar-85 15:09:04 EST Article-I.D.: sesame.155 Posted: Sun Mar 3 15:09:04 1985 Date-Received: Tue, 5-Mar-85 01:46:33 EST References: <2121@ncrcae.UUCP> Organization: Free-Access Unix in Boston Lines: 16 > Looking throught the code (SysVr2) for /bin/login the other day > I saw an interesting piece of code. As soon as the username is > found in /etc/passwd login examines the gcos field (comments field) > for an initial string of "pri=". If found the following (signed) > integer is used in a nice() call, changing the nice value BEFORE > the passwd is validated. > ... > Mike Wescott This isn't the only possible way to circumvent the "pri" field. I find it quite nice on systems that let you either "newuser" or change your "gcos" field at will. My name becomes "pri=-20 Rick Richardson". But don't tell too many people about this. I wouldn't want it to go away! -Rick Richardson PC Research, Inc.