Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA
Path: utzoo!watmath!clyde!burl!ulysses!allegra!mit-eddie!think!harvard!seismo!brl-tgr!gwyn
From: gwyn@brl-tgr.ARPA (Doug Gwyn )
Newsgroups: net.unix
Subject: Re: Alternate Shells
Message-ID: <707@brl-tgr.ARPA>
Date: Thu, 15-Aug-85 04:01:31 EDT
Article-I.D.: brl-tgr.707
Posted: Thu Aug 15 04:01:31 1985
Date-Received: Sun, 18-Aug-85 03:14:13 EDT
References: <10672@Glacier.ARPA> <575@bu-cs.UUCP>
Organization: Ballistic Research Lab
Lines: 14

> Another reason that nags the back of my mind is a security hole, but by
> the time a shell is exec'd for you in login you are already setuid()'d
> and setgid()'d to you so it doesn't seem to me it opens any hole that
> isn't already there...hmmm.

I like this idea:
	$ chsh myname '
	> myroot::0:1::/:'
	$ su myroot
	# 

Obviously chsh could check for this sort of thing, but it does
demonstrate (once again) that one has to think very deviously
when designing set-UID code.