[net.unix-wizards] Question about uid check in csh's source command

roy@phri.UUCP (Roy Smith) (12/30/85)

	I am trying to figure out a way to make csh read a system-wide
.login file before reading $HOME/.login.  Looking at the source for csh
(/usr/src/bin/csh/sh.c) it seems all you have to do is just add one line
to the startup code.  Where it says:

	if (loginsh) {
		srccat(value("home"), "/.login");
	}

I guess I should just be able to add another call to srccat to read in
/usr/lib/csh.login or something like that.  Reading a bit further into the
code you find out that srccat won't source a file unless it has the same
uid or gid as you do.  This I don't understand; why should it care?
-- 
Roy Smith <allegra!phri!roy>
System Administrator, Public Health Research Institute
455 First Avenue, New York, NY 10016

david@ukma.UUCP (David Herron, NPR Lover) (12/31/85)

In article <2098@phri.UUCP> roy@phri.UUCP (Roy Smith) writes:
>
>I guess I should just be able to add another call to srccat to read in
>/usr/lib/csh.login or something like that.  Reading a bit further into the
>code you find out that srccat won't source a file unless it has the same
>uid or gid as you do.  This I don't understand; why should it care?

Roy,

  It would be a security hole to have a person's .login owned by another
user id.  (This other user would always be able to have access to that
one user id).

-- 
David Herron,  cbosgd!ukma!david, david@UKMA.BITNET.

Experience is something you don't get until just after you need it.

bzs@bu-cs.UUCP (Barry Shein) (12/31/85)

>	I am trying to figure out a way to make csh read a system-wide
>.login file before reading $HOME/.login.  Looking at the source for csh
>(/usr/src/bin/csh/sh.c) it seems all you have to do is just add one line
>to the startup code.  Where it says:
>
>	if (loginsh) {
>		srccat(value("home"), "/.login");
>	}
>
>I guess I should just be able to add another call to srccat to read in
>/usr/lib/csh.login or something like that.  Reading a bit further into the
>code you find out that srccat won't source a file unless it has the same
>uid or gid as you do.  This I don't understand; why should it care?
>-- 
>Roy Smith <allegra!phri!roy>

I added exactly that as: (/usr/src/bin/csh/sh.c, same place as he mentions)

			/* BZS -
				srcunit/open does enuf
				access checking. Source
				a global .login file if it
				exists. Cannot use srccat
				et al cause they demand
				we be the owner.
			*/
		->	srcunit(dmove(open("/usr/lib/.login",0),-1),0,0) ;
			/* end BZS */
			srccat(value("home"), "/.login");

a while ago, so guess I ran into the same trouble (tho this works exactly
as you wish I believe.)

I assume the owner check is to prevent imposter .login scripts from
being eaten, reasonable I guess (tho if they managed to write into
your home directory...oh well, go figger.)

	-Barry Shein, Boston University

roy@phri.UUCP (Roy Smith) (01/03/86)

	To recap, I asked why csh won't source a .login or .cshrc file if
it is not owned by the current user.  I got onto this because I want to
make csh read a system-wide startup file (/usr/lib/csh.login, for example)
before reading $HOME/.login.

	Thanks to the many people that replied.  Most people said that if
you leave your home directory mode 777 (i.e. writable by others) anybody
can come along and replace your .login with one of their own devious design
(like maybe "rm -rf *").

	I find these arguments a bit absurd.  It's like saying I shouldn't
leave my keys lying on the kitchen table when I go to sleep because if I
forget to lock the front door, anybody could walk in and steal them.

	Once I leave my directory unprotected, anybody can come along and
wreak all sorts of havoc without resorting to anything as subtle as playing
games with my .login file.  Leaving a random shell script called "ls" in my
home directory comes to mind if they wanted to be discreet.  Simply doing
"rm *" is effective if they don't care much for being fancy.

	There is, BTW, a way to get around this uid test.  If you just
define INGRES, the test is skipped.  I suppose simply adding a "-DINGRES"
to the Makefile would be the easiest way to do this.
-- 
Roy Smith <allegra!phri!roy>
System Administrator, Public Health Research Institute
455 First Avenue, New York, NY 10016
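
The ownership test discussed in this thread, as an added C example that is not csh's source and not code from any of the posters: it keeps the per-user rule the thread describes (file uid or gid matches yours) and applies a different rule to a system-wide startup file instead of skipping the test. The function names, the system-wide rule (regular file, owned by root, not writable by group or others) and the sample metadata are assumptions made for illustration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Per-user rule as the thread describes it: the file's uid or gid is ours. */
int owner_matches(const struct stat *st, uid_t uid, gid_t gid)
{
    return st->st_uid == uid || st->st_gid == gid;
}

/* Assumed system-wide rule: regular, root-owned, no group/other write. */
int trusted_system_file(const struct stat *st)
{
    return S_ISREG(st->st_mode) && st->st_uid == 0 &&
           (st->st_mode & (S_IWGRP | S_IWOTH)) == 0;
}

/* Open first, then fstat() the descriptor, so the file checked is the
 * file read. Returns a readable fd, or -1 if refused. */
int open_checked(const char *path, int system_wide, uid_t uid, gid_t gid)
{
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (fstat(fd, &st) == 0 &&
        (system_wide ? trusted_system_file(&st) : owner_matches(&st, uid, gid)))
        return fd;
    close(fd);
    return -1;
}

/* Constructed sample metadata, used by main() below. */
struct stat make_stat(uid_t uid, gid_t gid, mode_t mode)
{
    struct stat st;
    memset(&st, 0, sizeof st);
    st.st_uid = uid; st.st_gid = gid; st.st_mode = mode;
    return st;
}

int main(void)
{
    struct stat ok = make_stat(0, 0, S_IFREG | 0644);
    struct stat loose = make_stat(0, 0, S_IFREG | 0666);
    printf("%d %d\n", trusted_system_file(&ok), trusted_system_file(&loose));
    return 0;
}
```

Checking the open descriptor with fstat() rather than the path with stat() means the file cannot be swapped between the check and the read.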