On 10/14/2010 06:45 PM, Ben Niccum wrote: >> I thought about doing that too. I need to test it more to see what >> happens when ksh is the shell and the user executes csh manually. I >> suppose ksh will still honor TMOUT in that case. >> >> Brad >> > > Don't mean to complicate things for you, but just thought I should > mention that if the user does: > > # exec /bin/csh > > Then csh takes over ksh's active process, and even though the TMOUT > variable is still there, csh doesn't honor it, and ksh is no longer > around to object. > > -Ben
Great point. That's precisely the sort of thing I'd like to have thought about. Much of the compliance efforts may look good on paper, but have no impact on actual usage or may be trivially circumvented as you point out. So while disabling a shell may get a check mark during PCI compliance efforts, that may be all you end up with. Brad