From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from euclid.skiles.gatech.edu (list@euclid.skiles.gatech.edu [130.207.146.50]) by melb.werple.net.au (8.7.5/8.7.3) with ESMTP id MAA06386 for <mason@werple.mira.net.au>; Tue, 7 May 1996 12:44:45 +1000 (EST)
Received: (from list@localhost) by euclid.skiles.gatech.edu (8.7.3/8.7.3) id WAA04741; Mon, 6 May 1996 22:30:18 -0400 (EDT)
Resent-Date: Mon, 6 May 1996 22:28:11 -0400 (EDT)
From: Zoltan Hidvegi <hzoli@cs.elte.hu>
Message-Id: <199605070216.EAA00391@hzoli.ppp.cs.elte.hu>
Subject: Re: need help establishing safety of zsh to sysadmin
To: unpingco@mpl.UCSD.EDU (Jose Unpingco)
Date: Tue, 7 May 1996 04:16:04 +0200 (MET DST)
Cc: zsh-users@math.gatech.edu
In-Reply-To: <9605062038.AA16823@cryptica.UCSD.EDU> from Jose Unpingco at "May 6, 96 01:38:11 pm"
X-Mailer: ELM [version 2.4ME+ PL11 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Resent-Message-ID: <"J3FF.0.a91.wKhZn"@euclid>
Resent-From: zsh-users@math.gatech.edu
X-Mailing-List: <zsh-users@math.gatech.edu> archive/latest/205
X-Loop: zsh-users@math.gatech.edu
X-Loop: zsh-workers@math.gatech.edu
Precedence: list
Resent-Sender: zsh-workers-request@math.gatech.edu

> I'm hesistant to give up zsh and all its great functions, which I've
> come to depend upon, so I was hoping some of you could give me some
> specific examples of how zsh has not caused problems for you sysadmins
> out here.

We use zsh on 7 different platfors here.  Users can use either zsh or tcsh
as their login shell.  I use zsh as a root shell on all Linux machines.  I
use zsh in system scripts (like /usr/lib/X11/xdm/Xsession which starts
with #!/usr/local/bin/zsh here) in and cgi-bin scripts.  As zsh is the
same on all the seven systems it is very good for writing scripts that
would run on all platforms.

I really do not understand what are the security problems that zsh may
cause.  I think that zsh is az safe as any other shell.  If the sysop
thinks that someone wants to run a suid zsh he can put a line
[[ -o privileged ]] && exit
to /etc/zshenv and something similar to /etc/suid_profile to prevent
this (but it is quite useless as the security is already compromised if
one manages to create a working suid shell).

And it is not an argument that `zsh is not supported'.  A normal Unix
system usually have thousans of utilities and I doubt that all of them are
`supported' but these are still there for everyone to use.

Zoltan