Subject: Re: bin/2905: setting environment vars from login
To: Michael Graff <>
From: Christian Kuhtz <>
List: netbsd-bugs
Date: 10/30/1996 18:40:13
Alright, I'll try it without the soapbox this time.

On 30 Oct 1996 19:35:19 -0500, Michael Graff <> mumbled:
> It is useful from time to time to control how someone logs in.
> The LOGIN_ARGS stuff was implimented at ISU, and I often used
> login: explorer -nozephyr (really -nz, but hey)
> login: explorer -nomail
> login: explorer -q (quick, no startup scripts, no locker attaches...)
> I found the idea to be very useful.

All of the above can be accomplished without messing with login and purely  
by scripting, etc in the shell's rc file, or the system's global master  
shell rc.

Also, data is accepted at a point in the authentication stage where one  
has absolutely no idea who it is that you are dealing with.  But, even  
better, this data is passed through to the actual environment of the user  
that is authenticated, but at this point isn't.

Have we all forgotten the lousy IFS hacking etc?  And all the other attack  
patterns?  It doesn't matter whether we are setting specific environment  
variables explicitly or indirectly.

If we revise our entire authentication scheme which UNIX uses to  
authenticate users, we may be able to add such functionality.  I don't  
think we're about to do that or should dive into that at this point.

> > Guys, login is _-=*AUTHENTICATION*=-_ and not 'add your favorite gimmick
> > here'. And any kind of args have no business in that unless they're
> > directly related and imparative for authentication purposes. Why are we
> > even discussing this??
> Because that's what these lists are for...  If you don't want to read
> it, kill the thread in your reader.

That's not how this was meant.  I agree with you 100% that this is the  
place where this type of stuff should be discussed in.  Actually, it might  
be better to move to another list, like current-users, IMHO, to reach a  
broader audience.

The "why are we discussing this" was referring to the rest of my  
argumentation which aims at the significance for system integrity and  
security.  Sorry if I caused a wrong impression here.

> I would love to see the functionality.  Perhaps you find it useless, but
> I don't.

This is not about usefulness or uselessness.  This is about security and  

One doesn't mess with authentication mechanisms and related pieces of  
code, unless it is absolutely neccessary.  And the functionality you  
advocate can be implemented without modifying an authentication mechanism  
such as login.  Ergo, it is not absolutely neccessary and authentication  
mechanisms do not need to be modified.

That's why I'm against it and think it is a very bad idea to implement.   
Not because I love getting on soap boxes or I enjoy making your life  
miserable. ;-)


Christian Kuhtz <>, office:
Network/UNIX Specialist for Paranet, Inc.
Supercomputing Junkie, et al               MIME/NeXTmail accepted

Version: 2.6.3ia