From owner-freebsd-hackers@FreeBSD.ORG Sat Sep 11 10:53:35 2010 Return-Path: Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 35E401065672 for ; Sat, 11 Sep 2010 10:53:35 +0000 (UTC) (envelope-from jhellenthal@gmail.com) Received: from mail-iw0-f182.google.com (mail-iw0-f182.google.com [209.85.214.182]) by mx1.freebsd.org (Postfix) with ESMTP id E8B628FC15 for ; Sat, 11 Sep 2010 10:53:34 +0000 (UTC) Received: by iwn34 with SMTP id 34so3574954iwn.13 for ; Sat, 11 Sep 2010 03:53:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:sender:message-id:date:from :user-agent:mime-version:to:subject:references:in-reply-to :x-enigmail-version:content-type:content-transfer-encoding; bh=J+rSXTNOlgFyfL+BkyIy5NrcY2oy5pwf17v6DawXf7s=; b=pPKhmtiXTvKja+zTERRS6SnEoKfa+LkH7Cjr4mn8A9BpN7LiVenloUhn5cvrjHPWGd iCbVZA0DiPdr7xsNQmVAV5JkPWIK7JxdzQBF65Zt5nAbrnJ73DPf+4BFdiBX05hqFIP8 uqVlmP2W5E+B+ZE6cje71H0hSRIilLnYTL8FA= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=sender:message-id:date:from:user-agent:mime-version:to:subject :references:in-reply-to:x-enigmail-version:content-type :content-transfer-encoding; b=oPOOTNuty32gN61b1SHuf7ZKEjvFPdsTScoOoOoKpaOVezLvcQQKHCb9wc/57/Ap30 WDYZcoiEs/7VHtksh1tI1sKPvZnvP+uh/MmPmkVmR0p3n7hMEf9rGtgvbl20m3T2FAgs pKFACeeR/qFhQGr15m6cuqEa9SVU59p0r1wu4= Received: by 10.231.177.40 with SMTP id bg40mr2305166ibb.150.1284202414279; Sat, 11 Sep 2010 03:53:34 -0700 (PDT) Received: from centel.dataix.local (adsl-99-181-137-20.dsl.klmzmi.sbcglobal.net [99.181.137.20]) by mx.google.com with ESMTPS id h8sm3502033ibk.9.2010.09.11.03.53.32 (version=SSLv3 cipher=RC4-MD5); Sat, 11 Sep 2010 03:53:33 -0700 (PDT) Sender: "J. Hellenthal" Message-ID: <4C8B5FAB.1010502@DataIX.net> Date: Sat, 11 Sep 2010 06:53:31 -0400 From: jhell User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.9.2.9) Gecko/20100908 Lightning/1.0b1 Thunderbird MIME-Version: 1.0 To: Aryeh Friedman , freebsd-hackers@freebsd.org References: <4C8AE7A2.1090802@DataIX.net> <4C8AE9CB.9070008@DataIX.net> <20100911090739.GA3797@straylight.ringlet.net> In-Reply-To: <20100911090739.GA3797@straylight.ringlet.net> X-Enigmail-Version: 1.1.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: Subject: Re: How to disallow logout X-BeenThere: freebsd-hackers@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Technical Discussions relating to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 11 Sep 2010 10:53:35 -0000 On 09/11/2010 05:07, Peter Pentchev wrote: > > ...but, of course, that's only until people learn that they can > bypass this by something like 'kill -FPE $$'. > Have you tried that ? If the person/developer is looking into it that far where they need to subvert the logout process then there is probably a pretty good reason for doing so and would be expected that they bring it to the admins attention or file a PR. There is only just so much you can do before you start to modify the code in the shell itself so the user cant execute another shell upon login and kill their shell before other scripts run on logout. Firstly this just sounds like a case where the admin needs to provide a equally sound and safe way of making sure everything is cleaned up on logout and is offering a global way of doing it so the developer will not forget. trap 'echo "Sorry FPE not allowed. ;)"' FPE ( kill -l ) will list the rest of the signals you can trap too. And you can get pretty evil with this. But for the short term. for sig in `jot 31 1`; do trap 'echo "WARN:$$ Please use ^D or logout(1) instead."' ${sig} done Of course not all of those signals will cause a logout to happen but have fun with it. Regards, -- jhell,v