UNIX source vs. binary (NOT A LEGAL ARGUMENT)
John Robert LoVerso
loverso at sunybcs.UUCP
Mon Feb 18 04:11:32 AEST 1985
> In article <97 at timeinc.UUCP> jim at timeinc.UUCP (Jim Scardelis) writes:
> >I would *really* like to be able to customize login.c so that dialup logins
> >from 'root' are disallowed...but I can't.
>
> here's down!/.profile, written by pat parseghian, bowdlerized by me:
> trap exit 1 2 3 15
> if [ "`tty`" != "/dev/console" ]
> then
> echo "root must log in on the console"
> exit 1
> fi
> trap 1 2 3 15
> there is probably a narrow window of vulnerability here.
Why not make the above the login shell of root, and at the end have it
run /bin/sh or /bin/csh as you please?
I've found that a shell (sh or csh) script that's somebody's login shell can't be
stopped or broken out of w/o logging the person out. Therefore, the "window
of vulnerability" is removed.
John
--
John Robert LoVerso @ SUNY Buffalo (716-636-3004)
LoVerso%Buffalo at CSNET-RELAY -or- ..!{decvax,watmath|rocksanne}!sunybcs!loverso
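
The login-shell approach suggested above, as an added example that is not part of the original post: a Bourne shell wrapper that checks the terminal and then execs the real shell. The install name /etc/root-gate, the variable names and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: console-only gate meant to be set as root's login shell.
# Assumptions: installed as /etc/root-gate (hypothetical), real shell is /bin/sh.

ALLOWED_TTY="/dev/console"
REAL_SHELL="/bin/sh"

# Succeeds only when the given terminal name is the allowed console.
# Anything else, including "not a tty" or an empty string, is refused.
tty_allowed() {
    [ "$1" = "$ALLOWED_TTY" ]
}

gate() {
    # Ignore HUP, INT, QUIT and TERM while the check runs. As a login shell
    # there is no parent shell underneath to drop back into.
    trap '' 1 2 3 15
    current=`tty 2>/dev/null` || current="unknown"
    if tty_allowed "$current"; then
        # Ignored signals are inherited across exec, so restore the defaults
        # before handing the session to the real shell.
        trap - 1 2 3 15
        exec "$REAL_SHELL"
    fi
    echo "root must log in on the console" >&2
    exit 1
}

# Run the gate only under its installed name, so the file can also be
# sourced to exercise tty_allowed on its own.
case "$0" in
    */root-gate) gate ;;
esac
```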