Proper procedure for AUTOLOGIN in SCO
Andrew Macpherson
andrew at stl.stc.co.uk
Sat Mar 11 09:20:32 AEST 1989
In article <190 at biar.UUCP> trebor at biar.UUCP (Robert J Woodhead) writes:
|
| Thats all there is to it. I am however VERY disturbed about the security
| hole created by the AUTO process. It seems to me that if they have gone
| to the trouble to provide the AUTO escape, then there should be a way to
| restrict certain accounts to certain terminals. In this case I can just
| put some code in the .profile to check if tty returns '/dev/tty08' and
| log the user out if not (right?), but is there a better way to do this? And
| is the above approach secure?
|
You missed out 1 step, since the "AUTO" account is going to be running
your dedicated process "/etc/mylogin" or whatever, replace tty08's
shell with something useless of your own devising which will give
an appropriate rude message to anyone trying to login as tty08 on
another port.
Andrew Macpherson | God bless the King! --- I mean the Faith's Defender
PSI%234237100122::andrew | God bless (no harm in blessing) the Pretender!
andrew at stl.stc.co.uk | But who Pretender is, or who the King, ---
..mcvax!ukc!stl!andrew | God bless us all! That's quite another thing.
More information about the Comp.unix.xenix
mailing list