need help establishing safety of zsh to sysadmin

need help establishing safety of zsh to sysadmin

[Jose Unpingco]

Hi,

I've been using zsh for over a year now, but it seems that it has
recently come to the attention of the sysadmin who wants me to stop
using it on the grounds that "it is not a supported shell" on the
machines I work on.

I'm hesistant to give up zsh and all its great functions, which I've
come to depend upon, so I was hoping some of you could give me some
specific examples of how zsh has not caused problems for you sysadmins
out here.

I need to make a pretty convincing argument if I'm going to keep this
thing.  Any help appreciated.
-- 
Thank you for your time and consideration.  

             _ - - - _                             
           /)-  - _     _                          
          / |_o_/  -       _        
              \__  -          _        
                \ \_              -   _  _  _  _   _  _  _  _  _       
                 _                      
   __ __ _ _  -        
Jose Unpingco 
ECE 0407
(619) 546-8809

Re: need help establishing safety of zsh to sysadmin

[Richard Coleman]

> I've been using zsh for over a year now, but it seems that it has
> recently come to the attention of the sysadmin who wants me to stop
> using it on the grounds that "it is not a supported shell" on the
> machines I work on.
> 
> I'm hesistant to give up zsh and all its great functions, which I've
> come to depend upon, so I was hoping some of you could give me some
> specific examples of how zsh has not caused problems for you sysadmins
> out here.
> 
> I need to make a pretty convincing argument if I'm going to keep this
> thing.  Any help appreciated.

Well, if it makes any difference, I (the previous maintainer) and Zoltan
(the new maintainer) are both sysadmins.  So we have thought about the
security of zsh.  I don't think zsh poses any more of a security risk
than any other shell.

Also, considering that zsh now uses autoconf, it is trivial to build.
So what is there to support?  We (the mailing lists) do all the support
and maintenance work.

But if your sysadmin just wants to be lazy and remove zsh (so that he
doesn't have to answer questions about it), you can always build it
yourself and put it in your own ~/bin directory.  This doesn't require
any special privileges on your machine. Then create a trivial startup
file for whatever shell (probably csh or ksh) that your sysadmin has
made you use, that doesn't nothing but `exec' zsh.

Richard Coleman
coleman@math.gatech.edu

Re: need help establishing safety of zsh to sysadmin

[Steven L Baur]

>>>>> "Jose" == Jose Unpingco <unpingco@mpl.UCSD.EDU> writes:
>>>>> "Richard" == Richard Coleman <coleman@math.gatech.edu> writes:

Jose> I've been using zsh for over a year now, but it seems that it has
Jose> recently come to the attention of the sysadmin who wants me to stop
Jose> using it on the grounds that "it is not a supported shell" on the
Jose> machines I work on.
Jose> 
Jose> I'm hesistant to give up zsh and all its great functions, which I've
Jose> come to depend upon, so I was hoping some of you could give me some
Jose> specific examples of how zsh has not caused problems for you sysadmins
Jose> out here.
Jose> 
Jose> I need to make a pretty convincing argument if I'm going to keep this
Jose> thing.  Any help appreciated.

Richard> Well, if it makes any difference, I (the previous maintainer)
Richard> and Zoltan (the new maintainer) are both sysadmins.  So we
Richard> have thought about the security of zsh.  I don't think zsh
Richard> poses any more of a security risk than any other shell.

Richard> Also, considering that zsh now uses autoconf, it is trivial
Richard> to build.  So what is there to support?  We (the mailing
Richard> lists) do all the support and maintenance work.

I'm sure I'm not the only System Administrator following these lists
who uses zsh.  I like zsh enough to make it the default shell for
users around here.  I've run zsh as root on a variety of systems,
without a problem.

It's been a more stable program than csh (to name a ``supported''
shell).  And it's plain cruel to take away the zsh TAB completion from
someone.  Typing at a command line is such a bother.

Hope that helps.

Regards,
-- 
steve@miranova.com baur
Unsolicited commercial e-mail will be proofread for $250/hour.
Andrea Seastrand: For your vote on the Telecom bill, I will vote for anyone
except you in November.

Re: need help establishing safety of zsh to sysadmin

[Zoltan Hidvegi]

> I'm hesistant to give up zsh and all its great functions, which I've
> come to depend upon, so I was hoping some of you could give me some
> specific examples of how zsh has not caused problems for you sysadmins
> out here.

We use zsh on 7 different platfors here.  Users can use either zsh or tcsh
as their login shell.  I use zsh as a root shell on all Linux machines.  I
use zsh in system scripts (like /usr/lib/X11/xdm/Xsession which starts
with #!/usr/local/bin/zsh here) in and cgi-bin scripts.  As zsh is the
same on all the seven systems it is very good for writing scripts that
would run on all platforms.

I really do not understand what are the security problems that zsh may
cause.  I think that zsh is az safe as any other shell.  If the sysop
thinks that someone wants to run a suid zsh he can put a line
[[ -o privileged ]] && exit
to /etc/zshenv and something similar to /etc/suid_profile to prevent
this (but it is quite useless as the security is already compromised if
one manages to create a working suid shell).

And it is not an argument that `zsh is not supported'.  A normal Unix
system usually have thousans of utilities and I doubt that all of them are
`supported' but these are still there for everyone to use.

Zoltan

Re: need help establishing safety of zsh to sysadmin

[Helmut Jarausch]

> Hi,
> 
> I've been using zsh for over a year now, but it seems that it has
> recently come to the attention of the sysadmin who wants me to stop
> using it on the grounds that "it is not a supported shell" on the
> machines I work on.
> 
> I'm hesistant to give up zsh and all its great functions, which I've
> come to depend upon, so I was hoping some of you could give me some
> specific examples of how zsh has not caused problems for you sysadmins
> out here.
> 
> I need to make a pretty convincing argument if I'm going to keep this
> thing.  Any help appreciated.
> -- 
> Thank you for your time and consideration.  
> 

Tell this to your sysadmin (he might emailme directly if he/she likes to).
We have a maintainance contract with our hardware supplier (SGI) and I have
never seen patches and/or improvements for their favourite shells like
the bourne shell and the c-shell. BUT on the other hand I get updates, 
bug fixes and very useful new features quite regularily for the z-shell.
Furthermore, if I (your sysadmin) have/has any problems there is almost
immediate help from the 'ZSH-community'.
Try to get qualified help in short time from your supplier of your OS and
if you did succeed, indeed, please tell me his name immediately.

If there are security holes in your Unix OS then a bad guy will be able
to exploit these with any shell or other tools. The only bad thing is
to allow for SUID-shell scripts BUT FOR ANY SHELL.

Best regards to your sysadmin,
Helmut Jarausch.

RE: need help establishing safety of zsh to sysadmin

[Ray_Van_Tassle-CRV004]

>> On Mon, 6 May 1996 13:38:11 -0700 (PDT), 
>> unpingco@mpl.UCSD.EDU (Jose Unpingco) said:

J> I've been using zsh for over a year now, but it seems that it has
J> recently come to the attention of the sysadmin who wants me to stop using
J> it on the grounds that "it is not a supported shell" on the machines I
J> work on.


So what's the big deal? There's nothing magic about a shell--it's just 
another program.  It's not like running zsh will automatically give you SU 
priviledges or something.
FWIW, my "real" shell is ksh.  But at the end of my .profile, I have:
"exec ${HOME}/local/bin/zsh -l"

We have folks here who in essence use emacs as their shell, and others who 
essentially use netscape as their shell.

-30- Ray

Re: need help establishing safety of zsh to sysadmin

[Karl E. Vogel]

>> On Mon, 6 May 1996 13:38:11 -0700 (PDT), 
>> unpingco@mpl.UCSD.EDU (Jose Unpingco) said:

J> I've been using zsh for over a year now, but it seems that it has
J> recently come to the attention of the sysadmin who wants me to stop using
J> it on the grounds that "it is not a supported shell" on the machines I
J> work on.

   Sounds like you have a lazy sysadmin.

J> I'm hesistant to give up zsh and all its great functions, which I've come
J> to depend upon, so I was hoping some of you could give me some specific
J> examples of how zsh has not caused problems for you sysadmins out here.

   I've been a sysadmin at the C17 project office since 1987, and I've never
   had a problem with zsh on either a Pyramid or a Sparc that was due to
   anything except my own keyboard carelessness.  As a matter of fact, zsh
   has kept me from deleting important stuff on more than one occasion.

   I tried bash and tcsh for about a year apiece and finally settled on zsh
   as having the best set of functions for interactive use.  This was a few
   years ago and I have no plans on changing to a different shell.

-- 
Karl Vogel                                        vogelke@c17mis.wpafb.af.mil
Control Data Systems, Inc.           ASC/YCOA, Wright-Patterson AFB, OH 45433

Politics is not a bad profession.  If you succeed there are many
rewards, if you disgrace yourself you can always write a book.  --Ronald Reagan