Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!philabs!seismo!hao!hplabs!sri-unix!v.sdcrdcf!csun!mab@ucla-locus
From: mab@ucla-locus@csun.UUCP
Newsgroups: net.unix-wizards
Subject: none
Message-ID: <11934@sri-arpa.UUCP>
Date: Tue, 20-Sep-83 21:45:00 EDT
Article-I.D.: sri-arpa.11934
Posted: Tue Sep 20 21:45:00 1983
Date-Received: Tue, 27-Sep-83 01:54:42 EDT
Lines: 20


At CSUN, games are run through a restriction program which is suid
and which accesses games in a specific directory.  The variable "SHELL"
and the varaible RSHEL are used to control his access.  If SHELL is
not already set, it is set to his default shell. RSHEL is set to refer
to a program which will restore his uid, and exec his default shell.

Any program placed into the games directory is edited (with adb for those
games we dont have source to) to use the RSHEL variable where it otherwise
used SHELL.  Any binary that was hardcoded to refer to a specific shell
gets edited to refer to our 'drop-shell'.  This way, users who spawn
shells from their game, get to be themselves.  

See any problems with this?

Oh yes, the restrict program does a nice(20) too. rogue players love
this (heh-heh).

	Michael A. Bloom
	California State University,  Northridge