vrs@uoregon.UUCP (11/05/83)
#R:utah-gr:-96900:uoregon:400002:000:1274 uoregon!vrs Nov 2 14:53:00 1983 /***** uoregon:net.unix-wizar / utah-gr!thomas *****/ Subject: Re: Should "su" change the USER environment variable? Re: using "login" to gain permissions. This is a very bad idea. We have for a long time had login mode 500, owned by root. It is very easy for someone to push a shell, login as, say, "who" (most systems seem to have a who login), then exit the shell, leaving the user entry in /etc/utmp as "who". Thus, all his connect time gets charged to overhead (assuming you are doing accounting, of course), and in any case, you can't tell what person is REALLY logged in there. =Spencer We also protect login highly. It is VERY easy to write simple shell script or program which fakes login long enough to get a password, say 'login incorrect', then exec /bin/login. Slightly better versions can be written based on pseudo-ttys or mpx files, but if one is careful it is very difficult to tell the forgery from the real thing, even if the forgery is just a C program which is careful to catch signals, etc. We know because we had a student write one and report (informally) on how difficult the task was - he had something in about half an hour that was pretty good, and the next day it was nearly perfect (but slow, since it was a shell script).