unix src vs binary
cottrell at nbs-vms.ARPA
cottrell at nbs-vms.ARPA
Tue Feb 12 10:33:10 AEST 1985
/*
>From Roger Hale replying to...
> From: cottrell at NBS-VMS.ARPA
> (Replying-to: BostonU SysMgr <root%bostonu.csnet at CSNET-RELAY.ARPA>)
> > Time of day could be enforced by coding a `shell' program that
> > chec[ks] the time, & only exec's /bin/sh if legal. It could also
> > require secondary passwords. The path name of the user's desired
> > shell could be encoded after his name in the gecos field.
>
> I wouldn't use the gecos field; it's already overused. Berkeley
> keeps a finger database in the position you mention. (Version 7
> suggests GCOS job number, box number, optional GCOS user-id *<8-) .)
> I would look for a .shell file in the user's home directory and
> accept the name therein if it's on my list of ``trusted shells''
> (which I might compile in or read from a ``secure'' file in /etc).
>
> Yr obedt svt,
> Roger Hale (roger at ll-sst)
Okay, don't use gecos. Use .shell in his home directory (if it exists)
or default to your favorite of sh or csh. BUT, there is no reason to
quibble about his choice of shells. They need not be trusted. As long
as you exec it the same way with the same uid, gid, & file descriptors
as would normally happen, there is no reason to limit his choice. He
can't do anything those trusted shells can do or something else is amiss.
*/
More information about the Comp.unix.wizards
mailing list