Xref: utzoo comp.unix.questions:5844 comp.unix.wizards:6723 Path: utzoo!mnetor!uunet!seismo!sundc!pitstop!sun!decwrl!labrea!agate!ig!uwmcsd1!tut.cis.ohio-state.edu!lvc From: lvc@tut.cis.ohio-state.edu (Lawrence V. Cipriani) Newsgroups: comp.unix.questions,comp.unix.wizards Subject: Re: execution environment (checking if in .profile) Message-ID: <7349@tut.cis.ohio-state.edu> Date: 27 Feb 88 15:30:58 GMT References: <7162@tut.cis.ohio-state.edu> <3668@mtgzz.UUCP> Distribution: na Organization: The Ohio State University Dept of Computer and Information Science Lines: 48 Keywords: sh,exec In article <3668@mtgzz.UUCP> avr@mtgzz.UUCP (XMRP50000[jcm]-a.v.reed) writes: >In article <7162@tut.cis.ohio-state.edu>, lvc@tut.cis.ohio-state.edu (Lawrence V. Cipriani) writes: >> Is there a way for a program to tell if it was executed >> 1) via a users .profile or 2) by a user on their command line? >> Yes its a strange question, but can it be done? Thanks, > >It depends on the login shell. For example, ksh sets TMOUT >to the system-defined value (often 7200) when it leaves >.profile. Thus, if your user's login shell is ksh, put in >/etc/profile the lines > TMOUT=0 > # or any value different from the system-defined value > export TMOUT > # so your program can examine it > readonly TMOUT > # so the user can't change it at the start of .profile >and then have the program check the value of TMOUT in env. > Adam Reed (mtgzz!avr) Excellent idea! Unfortunately I need this for Bourne shell. What I ended up suggesting to who needed the answer is to prompt the user for their passwd, if it is ok then proceed, otherwise don't. The program printed the current dial up passwd(!), and one of their users was running the program out of their .profile. They wanted to be able to prevent this since it would be possible for someone to see the dial up passwd by looking over this users shoulder or whatever. Now, with this extra prompt for the users passwd it is more annoying to use the program, and the user should be more sensitive about who is around when they run this program since their own password might get seen. Also, the added security check prevents the program from being run by someone that doesn't know the login users password. While writing this I thought of a way to defeat this (albeit obscurely). This might work in the .profile /bin/ksh<<-EOF TMOUT=2313 program EOF Since the readonly attribute is not propogated to children, TMOUT gets set and the program will run. -- oo Larry Cipriani, AT&T Networks Systems (by day) Ohio State University (by night) Domain: lvc@tut.cis.ohio-state.edu Path: ...!cbosgd!osu-cis!tut.cis.ohio-state.edu!lvc (yes its right)