Should "su" change the USER environment variable?
wan at gatech.UUCP
wan at gatech.UUCP
Tue Nov 1 09:46:27 AEST 1983
The 'login' program does all sorts of wondrous things, one of which is
to change the /etc/utmp (on Berkeley) entry for that terminal. I have
had that bite me (while letting friends "use" my terminal). They would
do 'csh' and then 'login' ('csh' execs 'login', thereby killing the
original shell if you don't watch it). Well, whenever people did a 'w'
to see who was on, they would see the new person in my terminal slot.
When they terminated their new shell, I was back to my original login
shell, but any program which calls the 'getlogin' routine sees the other
individual. Needless to say, you can get caught ('passwd', for instance,
calls 'getlogin' to figure out which password to change, etc.) unawares.
I'm not sure, but other versions of 'login' must do that as well (unless
they can check to see if their parent is 'init' and not change anything
for non-top-level logins).
Also, if 'login' is setuid to root (it is on our system), it chowns the
terminal to the new person that you are logging in as. After you exit
that login session, the original owner cannot change the terminal device
mode (i.e., with 'chmod' or 'mesg')!
--
Peter N Wan
MAIL : School of ICS, Georgia Tech, Atlanta, Georgia 30332
BELL : (404) 894-3658 [office] / (404) 894-3152 [messages]
UUCP : ...!{akgua,allegra,emory,rlgvax,sb1,ut-ngp,ut-sally}!gatech!wan
ARPA : wan.gatech at CSNet-Relay CSNET : wan at gatech
More information about the Comp.unix.wizards
mailing list