Alternate Shells
Doug Gwyn <gwyn>
gwyn at brl-tgr.ARPA
Thu Aug 15 18:01:31 AEST 1985
> Another reason that nags the back of my mind is a security hole, but by
> the time a shell is exec'd for you in login you are already setuid()'d
> and setgid()'d to you so it doesn't seem to me it opens any hole that
> isn't already there...hmmm.
I like this idea:
$ chsh myname '
> myroot::0:1::/:'
$ su myroot
#
Obviously chsh could check for this sort of thing, but it does
demonstrate (once again) that one has to think very deviously
when designing set-UID code.
More information about the Comp.unix
mailing list