[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Package organization issue...

[ Please don't Cc: public replies to me. ]

Raul Miller:
> The ideal thing would be a shell script used for *all* logins, which
> kicks in before the user shell is loaded.  This means changing
> login, and xdm, to use something like this:

And ssh, su, xterm, and all other programs that launch login
shells (some of them may use login, but not all do). That's many
security-sensitive programs to modify. All this just to make
it easier to slow down the login process?

/etc/profile.d and its variations would allow packages to set
up a different default environment that is `nicer' by some
definition. Is this worth the trouble of modifying the way
login works on Debian?

I hate to repeat myself, but in my humble opinion,

	* all programs should work without special setup in
	  /etc/profile, or elsewhere, and
	* a `nice' environment should not be forced upon all

I don't want to sound overly negative, however. Having a good
default environment for Debian is a good goal. It should be
implemented by other means than mucking with /etc/profile. Most
programs can read a global configuration file, for example.
Also, since everyone's `nice' is different, it'd probably be
best to put the niceness stuff in separate packages, so that
people can choose.

> 	char*pat=". /etc/login.sh; exec -l %s";
> 	{
> 		char*buf=malloc(sizeof*pat+strlen(shell));

As a demonstration of the risk of mucking with security-sensitive
portions: your code doesn't work. Make pat an array (``char pat[]="...";'')
and use sizeof on pat, not *pat, and it might work.

(Cheap shot, sorry. I realize that the code was just to show
the idea, not intended as a real implementation.)

Please read <http://www.iki.fi/liw/mail-to-lasu.html> before mailing me.
Please don't Cc: me when replying to my message on a mailing list.

Attachment: pgplNmYSgK5Xb.pgp
Description: PGP signature

Reply to: