On 10/14/2010 06:45 PM, Ben Niccum wrote:

quoted text
>> I thought about doing that too. I need to test it more to see what
>> happens when ksh is the shell and the user executes csh manually. I
>> suppose ksh will still honor TMOUT in that case.
>>
>> Brad
>>
> 
> Don't mean to complicate things for you, but just thought I should
> mention that if the user does:
> 
> # exec /bin/csh
> 
> Then csh takes over ksh's active process, and even though the TMOUT
> variable is still there, csh doesn't honor it, and ksh is no longer
> around to object.
> 
> -Ben

Great point. That's precisely the sort of thing I'd like to have thought
about. Much of the compliance efforts may look good on paper, but have
no impact on actual usage or may be trivially circumvented as you point
out. So while disabling a shell may get a check mark during PCI
compliance efforts, that may be all you end up with.

Brad