molenda@s1.msi.umn.edu (Jason Molenda) (05/29/91)
The documentation for elm seems to indicate that elm will use the environment variable $HOME when determining where to find the .elm directory (it says "$HOME/.elm/elmrc" if memory serves me correctly). Unfortunately, it actually gets the home directory from the password file. This is a problem if you're trying to have multiple .elm directories under one account (ie when sharing an account with someone). I've modified init.c so that it will first look for the environment variable $HOME to determine the home directory. Failing that, it will look to the password file. Is there some reason why it was not done this way? Is it a possible security risk or somesuch thing? Will it fail miserably under certain cases which I'm not thinking of? I honestly don't know. I know it works the way I expect it to and I'm happy, so I'll be using the patch. If anyone else uses it, it's at your own risk. This patch is for elm 2.3 patchlevel 11. Be in the 'src' subdirectory when patching. *** init.c.orig Tue May 28 11:17:53 1991 --- init.c Tue May 28 11:20:19 1991 *************** *** 139,145 **** exit(1); } strcpy(username, pass->pw_name); ! strcpy(home, pass->pw_dir); if((cp = get_full_name(username)) != NULL) strcpy(full_username, cp); --- 139,149 ---- exit(1); } strcpy(username, pass->pw_name); ! ! if ( (cp = getenv("HOME")) == NULL) ! strcpy(home, pass->pw_dir); ! else ! strcpy(home, cp); if((cp = get_full_name(username)) != NULL) strcpy(full_username, cp); -- Jason Molenda, Tech Support, Iris & News Admin, Minnesota Supercomputer Inst molenda@msi.umn.edu || "You can tune a piano but you can't tuna fish."
syd@DSI.COM (Syd Weinstein) (05/29/91)
molenda@s1.msi.umn.edu (Jason Molenda) writes: >Is there some reason why it was not done this way? Is it a possible >security risk or somesuch thing? Will it fail miserably under certain >cases which I'm not thinking of? Elm uses the method it does in determining where to find the .elm directory because of how we decided to handle the tradeoffs between normal use of Elm, use of Elm when su'd and use of Elm when su'd with the - flag. Since nothing in the .elm directory is security related there is no security risk. Will anything fail? Well, when you are su'd, their will be problems in matching the user id, the user name and the .elm directory, but that never totally matches anyway. I'd say its an alternative, just one we decided not to use. However, E-mail was not designed for several users sharing the same account. That is a security risk, and a risk in trying to identify which mail is for/from which user. For that you'd better be sure your MTA can tell them apart. Of course, there is no way to protect the spool files of each user from one another of those that share the same uid. -- ===================================================================== Sydney S. Weinstein, CDP, CCP Elm Coordinator Datacomp Systems, Inc. Voice: (215) 947-9900 syd@DSI.COM or dsinc!syd FAX: (215) 938-0235