Subject: Re: Dumb error locking me out of root
To: None <port-mac68k@NetBSD.org>
From: gabriel rosenkoetter <gr@eclipsed.net>
List: port-mac68k
Date: 02/04/2004 11:00:00

On Wed, Feb 04, 2004 at 10:53:55AM -0500, gabriel rosenkoetter wrote:
> -m doesn't keep the shell, it keeps the shell environment. (Check
> the man page.)

Maybe *I* should read the fine manual.

You're right; your shell is invoked. But:

             As a security precaution, if the target user's shell is a
             non-standard shell (as defined by getusershell(3)) and the
             caller's real uid is non-zero, su will fail.

I'm thinking getusershell(3) doesn't much care for "usr/pkg/bin/whatever".
(Incidentally, if you are using shells out of /usr/pkg, make sure
you've got them in /etc/shells or various things--ftpd(8), for
example--will pitch a less-than-totally-clear fit.)

It might be nice if we did something like Linux does on
control-alt-delete (immediately switches to runlevel 6; we'd want to
just issue a shutdown -r now). Figuring out the "correct" keypress
for that on the various ports is what's stymied the suggestion
historically, if memory serves. (Arguments about this being a
security problem are weak. If you've got physical console access--
even if you don't have power-switch access--you're probably going to
end up with root anyway.)

port-mac* have an obvious answer (assuming we can grab the
reset/power keypress), as do Suns and (clearly) IA32 machines.
After that it gets a bit hazy.

-- 
gabriel rosenkoetter
gr@eclipsed.net
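
Added example (not part of the original message, and not NetBSD's code): a simplified Python model of the su(1) rule quoted above, plus an audit that lists accounts whose login shell is missing from /etc/shells. The function names and the sample shells and passwd data are constructed for illustration.

```python
# Constructed sample data: an /etc/shells and a passwd file, embedded inline.
SAMPLE_SHELLS = """\
# constructed /etc/shells
/bin/sh
/bin/csh
/usr/pkg/bin/bash   # pkgsrc shell, registered by hand
"""

SAMPLE_PASSWD = """\
root:*:0:0:Charlie &:/root:usr/pkg/bin/tcsh
alice:*:1000:100:Alice:/home/alice:/usr/pkg/bin/bash
bob:*:1001:100:Bob:/home/bob:/usr/pkg/bin/zsh
carol:*:1002:100:Carol:/home/carol:
"""

def parse_shells(shells_text):
    """Return the set of shells listed in /etc/shells-style text."""
    shells = set()
    for line in shells_text.splitlines():
        entry = line.split("#", 1)[0].strip()  # drop comments and blanks
        if entry.startswith("/"):              # entries are absolute paths
            shells.add(entry)
    return shells

def su_would_refuse(target_shell, caller_uid, shells):
    """Simplified model of the quoted rule: a non-root caller cannot su
    to an account whose shell is not a standard (listed) shell."""
    return caller_uid != 0 and target_shell not in shells

def audit_passwd(passwd_text, shells):
    """Return (user, shell) pairs whose login shell is not listed."""
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 7:
            continue
        # An empty shell field means the default shell, /bin/sh.
        user, shell = fields[0], fields[-1].strip() or "/bin/sh"
        if shell not in shells:
            findings.append((user, shell))
    return findings

if __name__ == "__main__":
    listed = parse_shells(SAMPLE_SHELLS)
    for user, shell in audit_passwd(SAMPLE_PASSWD, listed):
        print(f"{user}: {shell!r} is not in /etc/shells")
```

Accounts deliberately given a non-login shell will also show up in the audit output; those are expected findings rather than errors.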
