Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!think!harvard!seismo!brl-tgr!gwyn From: gwyn@brl-tgr.ARPA (Doug Gwyn) Newsgroups: net.unix Subject: Re: Alternate Shells Message-ID: <707@brl-tgr.ARPA> Date: Thu, 15-Aug-85 04:01:31 EDT Article-I.D.: brl-tgr.707 Posted: Thu Aug 15 04:01:31 1985 Date-Received: Sun, 18-Aug-85 03:14:13 EDT References: <10672@Glacier.ARPA> <575@bu-cs.UUCP> Organization: Ballistic Research Lab Lines: 14 > Another reason that nags the back of my mind is a security hole, but by > the time a shell is exec'd for you in login you are already setuid()'d > and setgid()'d to you so it doesn't seem to me it opens any hole that > isn't already there...hmmm. I like this idea: $ chsh myname ' > myroot::0:1::/:' $ su myroot # Obviously chsh could check for this sort of thing, but it does demonstrate (once again) that one has to think very deviously when designing set-UID code.