Re: Solaris 2.3 login

John DiMarco (jdd@cdf.toronto.edu)
Fri, 12 Aug 1994 11:06:19 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Peter Wemm: "Re: Solaris 2.3 login"
Previous message: Perry E. Metzger: "Re: Solaris 2.3 login"
Maybe in reply to: Jas: "Solaris 2.3 login"
Next in thread: Wm Randolph Franklin: "Re: disabling login in V1 #14"

In message <9408120347.AA02964@matt.itd.uts.edu.au>you write:
>well i had a bit of a hack around last night with 2.3 login. it seems you
>can set enviroment variables with login such as
>
>% exec login user IFS=/
>
>now of course IFS,PTAH,SHELL cant be set but others can! now of course
>since login tries to read past the user name you can get login to core dump
>quite easily by over feeding it like this
>
>% exec login user "`cat big.binary.file`"
>
>this will quite hapilly core dump login. 

We've turned off public execute permission for login. The only thing
this breaks is the ability to type "login foo" and log in as foo after
being logged in as somebody else. su or "rlogin localhost -l foo" are 
perfectly suitable alternatives.

Regards,

John
--
John DiMarco <jdd@cdf.toronto.edu>                        Office: EA201B
Computing Disciplines Facility Systems Manager            Phone: 416-978-1928
University of Toronto                                     Fax:   416-978-1931
http://www.cdf.toronto.edu/personal/jdd/jdd.htm

Next message: Peter Wemm: "Re: Solaris 2.3 login"
Previous message: Perry E. Metzger: "Re: Solaris 2.3 login"
Maybe in reply to: Jas: "Solaris 2.3 login"
Next in thread: Wm Randolph Franklin: "Re: disabling login in V1 #14"