password security on Ultrix LAT entries in /dev/?
Ian! D. Allen [CGL]
idallen at watcgl.waterloo.edu
Fri Jul 13 10:55:26 AEST 1990
I set up port 1 on my terminal server, gave it a service name, and
passworded that service. This protects the service from unauthorized
users getting into it from other terminal servers. But I seem to be able
to use "lcp -h /dev/tty10:MYSERVER:PORT_1" and tip on Ultrix to get
direct access to the port and bypass the password. So, too, could anyone
else out there in Ethernet land. I guess the password is only on the
"service", not on the port itself? I can set a password on the incoming
port right at the terminal server, but that's not what I want. How can I
password the port and service so that access from Ultrix via /dev/ is
passworded the same way as is access from other terminal servers?
If Ultrix can get at the port without a password, this leads me to
believe that someone could write terminal server software that ignored
passwords too. How secure is LAT?
--
-IAN! (Ian! D. Allen) idallen at watcgl.uwaterloo.ca idallen at watcgl.waterloo.edu
[129.97.128.64] Computer Graphics Lab/University of Waterloo/Ontario/Canada
More information about the Comp.unix.ultrix
mailing list