Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/3/84; site security.UUCP
Path: utzoo!linus!security!jjg
From: jjg@security.UUCP (Jeff Glass)
Newsgroups: net.unix-wizards
Subject: Re: 4.2 oddity -- SLOGIN flag in proc.h
Message-ID: <940@security.UUCP>
Date: Tue, 13-Aug-85 09:46:13 EDT
Article-I.D.: security.940
Posted: Tue Aug 13 09:46:13 1985
Date-Received: Wed, 14-Aug-85 02:51:11 EDT
References: <607@brl-tgr.ARPA>
Reply-To: jjg@security.UUCP (Jeff Glass)
Organization: MITRE Corp., Bedford, Ma.
Lines: 21
Summary: 

In article <607@brl-tgr.ARPA> scc%computer-lab.cambridge.ac.uk@ucl-cs.arpa (Stephen Crawley) writes:
> The  header file contains the following line :-
> 
> #define	SLOGIN	0x0800000	/* a login process (legit child of init) */
> 
> However, ps -axl indicates that this bit is not set for any processes.
> Indeed, grepping /sys/sys confirmed that SLOGIN isn't referenced anywhere.
> While making sure that the flag gets set would seem to be straight forward,
> I'm not convinced that it would be stunningly useful.  [ What would be
> more useful would be if the login shell pid were recorded in /etc/utmp! ]

I think this method would be superior to the way that {c,}sh now find that
they are login shells (checking if argv[0][0] == '-').  at least one security
hole takes advantage of this.

I also think Stephen's suggestion (putting the pid in utmp) is pretty neat.

/jeff
-- 
  security!jjg@mitre-bedford.ARPA				(MIL)
 {allegra,ihnp4,utzoo,philabs,uw-beaver}!linus!security!jjg	(UUCP)