su bug in Ultrix 4.1 still there
Elliot Hans
ellhan at raxco.UUCP
Fri Dec 14 08:15:15 AEST 1990
In article <RUSTY.90Dec10144456 at belch.Berkeley.EDU>, rusty at belch.Berkeley.EDU (Rusty Wright) writes:
|
| If your security level is set to ENHANCED you can't use the su command
| unless the tty line you're on is marked secure in /etc/ttys. On a
| time sharing system like a DECserver or a large VAX that's not so bad.
| But on a workstation running windows you'll almost always be on a tty
| that's a pseudo tty (unless you happen to have a dialin modem
| connected to your workstation) because of course that's what dxterm,
| xterm, etc. use. So you might think you could just edit /etc/ttys and
| add the secure keyword to all of the pseudo tty lines, but that would
| be a mistake because that would make your system less secure because
| that allows root logins over the network via rlogin or telnet; i.e.,
| then some cracker could try to guess your root password.
I wonder how many things would break if DEC were to assign a
different class of pseudo-ttys strictly for use with DECwindows? Does
anyone know whether it would be feasible (instead of ttyp1, ttyp2, etc.,
DECwindows would use ttydw1, ttydw2, and so on)? You could then make
the windows secure without opening up root access to the network.
More information about the Comp.unix.ultrix
mailing list