Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/3/84; site sesame.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!genrad!panda!talcott!sesame!rick
From: rick@sesame.UUCP (Rick Richardson)
Newsgroups: net.bugs.usg
Subject: Re: bug in /bin/login
Message-ID: <155@sesame.UUCP>
Date: Sun, 3-Mar-85 15:09:04 EST
Article-I.D.: sesame.155
Posted: Sun Mar  3 15:09:04 1985
Date-Received: Tue, 5-Mar-85 01:46:33 EST
References: <2121@ncrcae.UUCP>
Organization: Free-Access Unix in Boston
Lines: 16

> Looking throught the code (SysVr2) for /bin/login the other day
> I saw an interesting piece of code.  As soon as the username is 
> found in /etc/passwd login examines the gcos field (comments field)
> for an initial string of "pri=". If found the following (signed)
> integer is used in a nice() call, changing the nice value BEFORE
> the passwd is validated.
> ...
> Mike Wescott

This isn't the only possible way to circumvent the "pri" field.  I
find it quite nice on systems that let you either "newuser" or change
your "gcos" field at will.  My name becomes "pri=-20 Rick Richardson".
But don't tell too many people about this.  I wouldn't want it to go away!

-Rick Richardson
PC Research, Inc.