[comp.sys.hp] Possible 'loophole' during an HP-UX login

rkl@anduin.cs.liverpool.ac.uk (09/04/90)

Someone brought to my attention the following "loophole" when running
/etc/profile or /etc/csh.login under HP-UX (6.2,6.5 or 7.0) on Series 300
or 800 machines:

$ telnet hostname
login: fred IFS=euq          # Yes, login can assign env. vars.
Password: <Type password)

Depending on the chars assigned to IFS, you are very likely to get
"test: argument expected" and a complete bomb out to the shell prompt.
We implement a "home-brew" quotaing check (roll on 8.0 !) at login and
this circumvents it quite easily.

How to fix it:

The IFS variable is used by ksh to determine the separators for read
and test and doesn't actually need to be defined (it will default to
space, tab and newline - $20,$09,$0A - if it isn't).
So put: unset IFS at the top of your /etc/profile and
        unsetenv IFS at the top of your /etc/csh.login.

I assume this is OK and won't wreck anything - anyone else want to
check this out ?

Richard K. Lloyd,       *** This is a MicroVAX II running VAX/VMS V5.3-1 ***
Computer Science Dept., * JANET     : RKL@UK.AC.LIV.CS.AND or              *
Liverpool University,   *             RKL@000010500211.FTP.MAIL            *
Merseyside, England,    * Internet  : RKL%and.cs.liv.ac.uk@cunyvm.cuny.edu *
Great Britain.          ***       Please note: New e-mail address !      ***