Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!seismo!rutgers!ll-xn!mit-eddie!uw-beaver!tektronix!tekgen!puffin!penguin!richl
From: richl@penguin.USS.TEK.COM (Rick Lindsley)
Newsgroups: comp.unix.questions
Subject: Re: login shell == ../vi
Message-ID: <46@puffin.USS.TEK.COM>
Date: Wed, 1-Jul-87 15:38:54 EDT
Article-I.D.: puffin.46
Posted: Wed Jul 1 15:38:54 1987
Date-Received: Fri, 3-Jul-87 03:18:45 EDT
References: <10249@cgl.ucsf.EDU> <196@picuxa.UUCP> <629@uhccux.UUCP> <1452@ulowell.cs.ulowell.edu> <139@hobbes.UUCP>
Sender: nobody@puffin.USS.TEK.COM
Reply-To: richl@penguin.USS.TEK.COM (Rick Lindsley)
Organization: Tektronix, Inc., Beaverton, OR.
Lines: 32

In article <139@hobbes.UUCP> root@hobbes.UUCP (John Plocher) writes:
> Am I missing something? Why shouldn't a user be allowed to change her
> shell to be anything she wants? What is the difference between her running
> a program from a shell (% /usr/local/emacs foobar) or having the program as
> her shell (me::1000:1000:I said ME:/usr/guest:/usr/local/emacs)?
>
> If I as a user change my shell to /bin/echo I will then have to beg root to
> change it back to something useful, same as if I changed it to /bin/true or
> /usr/ucb/yes. More work for root, but in the given case (shell == ../vi)
> the public domain chsh from mod.sources archives tests to see that the new
> shell has an absolute path starting from / and has execute permissions.

I think you've hit it right there -- more work for root.

Consider a non-professional environment, say a university. Somebody gets mad because their paper quota has run out, and they can't buy any more. So they write a quick program that ignores keyboard-generated signals and change their login shell. Then they log in to as many terminals as possible, thus locking them up until a root-type person can do a ps (possibly from the console) and kill them.
Oh sure, he can only lock up maybe 20 terminals before he exceeds his process limit, but from the point of view of the rest of the computing environment he has screwed them royally ... Everyone hates him, of course, but what does he care? He's leaving this stupid school anyway, because school sucks, and .........

Or the case of the simply naive person from ANY environment (in this case, on a machine with job control). They make their shell vi. Then they type ^Z. Oops. Hung terminal. Find a root person. If it's after 5, you might have to hang it up for the day.

Rick
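
Added example, not part of the original post and not the mod.sources chsh code: a C sketch of the two tests the quoted text attributes to chsh (absolute path, execute permission), next to a stricter check that also requires the path to be on an administrator-maintained list. The function names, the regular-file test and the allow-list are assumptions introduced here; the list contents are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum shell_verdict { SHELL_OK, SHELL_NOT_ABSOLUTE, SHELL_NOT_EXECUTABLE, SHELL_NOT_LISTED };

/* The two tests named in the thread: absolute path and execute permission.
 * The regular-file test is an addition (assumption): directories also
 * carry execute bits, so "/" would otherwise pass. */
enum shell_verdict basic_check(const char *path)
{
    struct stat st;

    if (path == NULL || path[0] != '/')
        return SHELL_NOT_ABSOLUTE;
    if (stat(path, &st) != 0 || !S_ISREG(st.st_mode) || access(path, X_OK) != 0)
        return SHELL_NOT_EXECUTABLE;
    return SHELL_OK;
}

/* Stricter policy (assumption, not from the thread): the path must pass
 * basic_check() and also match an entry in a list of permitted shells. */
enum shell_verdict strict_check(const char *path, const char *const *allowed, size_t n)
{
    enum shell_verdict v = basic_check(path);
    size_t i;

    if (v != SHELL_OK)
        return v;
    for (i = 0; i < n; i++)
        if (strcmp(path, allowed[i]) == 0)
            return SHELL_OK;
    return SHELL_NOT_LISTED;
}

int main(void)
{
    static const char *const allowed[] = { "/bin/sh" };            /* constructed list */
    static const char *const tries[] = { "../vi", "/bin/echo", "/bin/sh" };
    size_t i;

    /* Prints the numeric verdict of each check for each candidate shell. */
    for (i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("%-10s basic=%d strict=%d\n", tries[i],
               (int)basic_check(tries[i]), (int)strict_check(tries[i], allowed, 1));
    return 0;
}
```

Any absolute, executable program satisfies basic_check(), which is the situation the reply describes; only strict_check() ties the choice to a list that root controls.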