execution environment (checking if in .profile)

Lawrence V. Cipriani lvc at tut.cis.ohio-state.edu
Sun Feb 28 01:30:58 AEST 1988 

In article <3668 at mtgzz.UUCP> avr at mtgzz.UUCP (XMRP50000[jcm]-a.v.reed) writes:
>In article <7162 at tut.cis.ohio-state.edu>, lvc at tut.cis.ohio-state.edu (Lawrence V. Cipriani) writes:
>> Is there a way for a program to tell if it was executed
>> 1) via a users .profile or 2) by a user on their command line?
>> Yes its a strange question, but can it be done?  Thanks,
>
>It depends on the login shell. For example, ksh sets TMOUT
>to the system-defined value (often 7200) when it leaves
>.profile. Thus, if your user's login shell is ksh, put in
>/etc/profile the lines
>    TMOUT=0
>    # or any value different from the system-defined value
>    export TMOUT
>    # so your program can examine it
>    readonly TMOUT
>    # so the user can't change it at the start of .profile
>and then have the program check the value of TMOUT in env.
>				Adam Reed (mtgzz!avr)


Excellent idea!  Unfortunately I need this for Bourne shell.  What I
ended up suggesting to who needed the answer is to prompt the user
for their passwd, if it is ok then proceed, otherwise don't.  The program
printed the current dial up passwd(!), and one of their users was running
the program out of their .profile.  They wanted to be able to prevent
this since it would be possible for someone to see the dial up passwd
by looking over this users shoulder or whatever.  Now, with this
extra prompt for the users passwd it is more annoying to use the program,
and the user should be more sensitive about who is around when they run
this program since their own password might get seen.  Also, the added
security check prevents the program from being run by someone that doesn't
know the login users password.

While writing this I thought of a way to defeat this (albeit obscurely).
This might work in the .profile

	/bin/ksh<<-EOF
		TMOUT=2313
		program
	EOF

Since the readonly attribute is not propogated to children, TMOUT gets set
and the program will run. 
-- 
oo
Larry Cipriani, AT&T Networks Systems (by day) Ohio State University (by night)
Domain: lvc at tut.cis.ohio-state.edu
Path: ...!cbosgd!osu-cis!tut.cis.ohio-state.edu!lvc (yes its right)

More information about the Comp.unix.wizards mailing list