Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10 5/3/83; site gatech.UUCP
Path: utzoo!linus!decvax!harpo!floyd!clyde!akgua!emory!gatech!wan
From: wan@gatech.UUCP
Newsgroups: net.unix-wizards
Subject: Re: Should "su" change the USER environment variable?
Message-ID: <1805@gatech.UUCP>
Date: Mon, 31-Oct-83 18:46:27 EST
Article-I.D.: gatech.1805
Posted: Mon Oct 31 18:46:27 1983
Date-Received: Thu, 3-Nov-83 08:29:46 EST
References: <12928@sri-arpa.UUCP>, <6048@watmath.UUCP>
Organization: School of Information and Computer Science, Georgia Tech (Atlanta, Georgia)
Lines: 24

The 'login' program does all sorts of wondrous things, one of which is
to change the /etc/utmp (on Berkeley) entry for that terminal.  I have
had that bite me (while letting friends "use" my terminal).  They would
do 'csh' and then 'login' ('csh' execs 'login', thereby killing the
original shell if you don't watch it).  Well, whenever people did a 'w'
to see who was on, they would see the new person in my terminal slot.
When they terminated their new shell, I was back to my original login
shell, but any program which calls the 'getlogin' routine sees the other
individual.  Needless to say, you can get caught ('passwd', for instance,
calls 'getlogin' to figure out which password to change, etc.) unawares.
I'm not sure, but other versions of 'login' must do that as well (unless
they can check to see if their parent is 'init' and not change anything
for non-top-level logins).

Also, if 'login' is setuid to root (it is on our system), it chowns the
terminal to the new person that you are logging in as.  After you exit
that login session, the original owner cannot change the terminal device
mode (i.e., with 'chmod' or 'mesg')!
-- 
Peter N Wan
MAIL  : School of ICS, Georgia Tech, Atlanta, Georgia  30332
BELL  : (404) 894-3658 [office] / (404) 894-3152 [messages]
UUCP  : ...!{akgua,allegra,emory,rlgvax,sb1,ut-ngp,ut-sally}!gatech!wan
ARPA  : wan.gatech@CSNet-Relay 			CSNET : wan@gatech