[17389] in Athena Bugs
sun4 8.3.19: xlogin
daemon@ATHENA.MIT.EDU (Nickolai Zeldovich)
Thu Nov 25 00:17:36 1999
Message-Id: <199911250517.AAA00788@seven-up.zepa.net>
To: bugs@MIT.EDU
Date: Thu, 25 Nov 1999 00:17:22 -0500
From: Nickolai Zeldovich <kolya@MIT.EDU>
System name: seven-up.zepa.net (aka SEVEN-UP.MIT.EDU)
Type and version: Tadpole_S3GX 8.3.19 (with mkserv) (plus partial mkserv)
Display type: P9100
Shell: /bin/athena/tcsh
Window manager: ctwm
What were you trying to do?
Select "Display Workstation Configuration" from the login window
What's wrong:
Because my machine was not on the network, and only had partial
local packs attached, xterm complained about not being able to
execvp 'timeout' (xterm -e timeout 60 /etc/athena/login/machine).
After doing that, it gave me a shell as user nobody.
What should have happened:
xterm should have exited after not being able to execute the
specified command, rather than giving a shell.
It seems that it would be possible for someone to obtain access
to a machine without having an account on it, by disconnecting
it from the network temporarily.
This doesn't seem a particularly serious problem, given the other
things a user with physical access can do, but I suspect making
xterm do the right thing isn't that hard, and might as well be
fixed.
Please describe any relevant documentation references:
xterm(1), xlogin(8)
