Zsh Mailing List Archive

Re: need help establishing safety of zsh to sysadmin



> I'm hesitant to give up zsh and all its great functions, which I've
> come to depend upon, so I was hoping some of you could give me some
> specific examples of how zsh has not caused problems for you sysadmins
> out here.

We use zsh on 7 different platforms here.  Users can use either zsh or tcsh
as their login shell.  I use zsh as a root shell on all Linux machines.  I
use zsh in system scripts (like /usr/lib/X11/xdm/Xsession which starts
with #!/usr/local/bin/zsh here) and in cgi-bin scripts.  As zsh is the
same on all the seven systems it is very good for writing scripts that
would run on all platforms.

I really do not understand what are the security problems that zsh may
cause.  I think that zsh is as safe as any other shell.  If the sysop
thinks that someone wants to run a suid zsh, he can put a line
    [[ -o privileged ]] && exit
in /etc/zshenv and something similar in /etc/suid_profile to prevent
this (but it is quite useless as the security is already compromised if
one manages to create a working suid shell).

And it is not an argument that `zsh is not supported'.  A normal Unix
system usually has thousands of utilities and I doubt that all of them are
`supported' but these are still there for everyone to use.

Zoltan
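
Added example, not part of the original message: since the message points out that a working suid shell means security is already compromised, one check a sysadmin can run is a scan for setuid or setgid files that are byte-for-byte copies of a known shell. The function name find_suid_shells and its two arguments are assumptions made for this example; the shell list defaults to /etc/shells.

```shell
#!/bin/sh
# Added example: report setuid/setgid regular files under a directory whose
# contents are identical to one of the shells listed in a shells file.
#
#   $1  directory to scan
#   $2  file listing shell paths, one per line, '#' comments allowed
#       (assumed default: /etc/shells)
#
# Output: one line per hit, "<suspect file> matches <shell path>".
# File names containing newlines are not handled.

find_suid_shells() {
    scan_dir=$1
    shells_file=${2:-/etc/shells}

    # -perm -4000 selects setuid files, -perm -2000 setgid files.
    # -xdev keeps the scan on the filesystem that holds scan_dir.
    find "$scan_dir" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r candidate; do
        while IFS= read -r shell_path; do
            # Skip blank lines and comments in the shells file.
            case $shell_path in ''|\#*) continue ;; esac
            [ -f "$shell_path" ] || continue
            # cmp -s compares contents silently, so a renamed copy is
            # still recognised even though its name gives nothing away.
            if cmp -s "$candidate" "$shell_path"; then
                printf '%s matches %s\n' "$candidate" "$shell_path"
                break
            fi
        done < "$shells_file"
    done
}
```

A shell that is itself installed setuid is reported as matching itself, which is the case the [[ -o privileged ]] guard above is meant to catch at startup.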



