SCO OpenDeskTop v1.0/Secureware HACK!

Marc Unangst mju at mudos.ann-arbor.mi.us
Tue Nov 13 13:24:03 AEST 1990 

Okay, folks, I've had it up to *here* with SCO's broken "security"
system.  I think we all know that it's poorly integrated with the OS,
that it's an absolute pain in the ass, and that the first thing SCO
should do in 3.2v3 is make the stupid thing totally, completely
removable.

However, that's not what my problem is.  My problem is this: The
system is broken, and I can't figure out how to fix it.  When I boot
up multi-user, cron(8) aborts with "cron: can't find group cron".  If
I try to su(1) from a non-root account, it tells me that
create_file_securely() exited with status 2.  I can only log on as
root on tty01, and the system says "Security database corrupt.
However, root login on tty01 is allowed."  If I try to log on as a
normal user or on a different terminal, it says "Can't rewrite
Terminal Control Database entry.  See Authentiation Administator."
(Incidentally, /bin/login seems to have the name "root" hardcoded into
it -- I have a csh root called "coot", and I can't log in as coot on
the console.  UID 0, GID 0, home directory /.  I guess this is another
incompatibility -- superuser privileges are UID and GID 0, not having
the login-id "root".  It's a good thing I didn't rename "root"
something like "god", or I'd *really* be in trouble.)  When I log in
as root in single-user mode, it appears that
/etc/auth/system/gr_id_map isn't getting created like it should be.

To add insult to injury, /tcb/bin/integrity says "Not authorized to
run /tcb/bin/integrity" when I'm logged in as root.  Thing get
curiouser and curiouser.../tcb/bin/authck -av lists problems with
several users, including "coot" and my own login, "mju".  It claims to
fix them.  However, the next time I run authck, it uncovers the same
problems, and again offers to fix them.

This all seems to have started when I tried to add a new group by
editing /etc/group directly, instead of going through sysadmsh.
However, I've removed that group (and all users that were in it), and
things are still broken.  I've talked to SCO technical support, and
they're completely stumped.  (I have an appointment to talk to a
"senior technical analyst" tomorrow, but I'm not exactly in the most
optimistic of moods about it.)  Quite frankly, I'm getting sick and
tired of ODT's stupid security system, and if I didn't have to support
my customers who are running ODT, I'd trash it and get REAL SysVr3.2.
Does anybody have any idea about what's *really* happening, and
possibly how to fix it?

How about how to contact Secureware, to maybe get some docs?  SCO says
that they're "proprietary"; they can't even tell me the format of a
/tcb/files/auth/x/xxx file.  Security by obscurity, folks, isn't
security at all.

--
Marc Unangst               |
mju at mudos.ann-arbor.mi.us  | "Bus error: passengers dumped"
...!umich!leebai!mudos!mju |

More information about the Comp.unix.sysv386 mailing list