bug in /bin/login
Rick Richardson
rick at sesame.UUCP
Mon Mar 4 06:09:04 AEST 1985
> Looking throught the code (SysVr2) for /bin/login the other day
> I saw an interesting piece of code. As soon as the username is
> found in /etc/passwd login examines the gcos field (comments field)
> for an initial string of "pri=". If found the following (signed)
> integer is used in a nice() call, changing the nice value BEFORE
> the passwd is validated.
> ...
> Mike Wescott
This isn't the only possible way to circumvent the "pri" field. I
find it quite nice on systems that let you either "newuser" or change
your "gcos" field at will. My name becomes "pri=-20 Rick Richardson".
But don't tell too many people about this. I wouldn't want it to go away!
-Rick Richardson
PC Research, Inc.
More information about the Net.bugs.usg
mailing list