Putting "login root" in /.profile: a bad idea
Wayne Folta
folta at tove.umd.edu
Sat Jan 7 11:18:42 AEST 1989
I did not think that "login root" by itself is sufficient to stop an
intruder. After 60 seconds, doesn't the login timeout, and you proceed on
to single-user mode? I seem to remember this, as I then added "haltsys"
in my .profile, to avoid this. Was I hallucinating?
Wayne Folta (folta at tove.umd.edu 128.8.128.42)
[[ If I recall correctly, sh will exec login rather than run it as a
subprocess. If it times out, the process will disappear and init will
proceed on to multi-user mode. However, if you're .profile said
"/bin/login" instead of "login", sh will not recognize it as a command
that needs special handling. --wnl ]]
More information about the Comp.sys.sun
mailing list