Alternate Shells

[Daniel R. Levy]

In article <275 at uwvax.UUCP>, david at wisc-rsch.arpa (David Parter) writes:
>> Next joke, please.   Suffice it  to say  that "lock"  isn't nearly as
>> secure as  it might  lead you  to believe.   This  probably isn't the
>> place  to  go  into  the  details  of why,  but I  wouldn't trust the
>> standard "lock" to protect anything I valued.
>
>>           Doug Hosking
>
>possible solutions:
>    1)  don't leave your terminal (logged in) alone.
>    2)  fix lock, if you need a secure locking mechanism for yourself
>        or your users. We have made some fixes to it.
>
>david
>--
>david parter
>UWisc Systems Lab
>
>uucp:	...!{allegra,harvard,ihnp4,seismo, topaz}!uwvax!david
>arpa now:	david at wisc-rsch.arpa
>arpa soon:	david at wisc-rsch.WISCONSIN.EDU or something like that

I didn't see the original (Hosking) so I am replying to this one.  The
key to the extant lock can be pried by anyone who has access to the source
code, or who can do a strings on the binary.  It's an open secret, and I'm
sure every hacker from Maine to California knows it.  If you MUST have a
master key to lock change it from the default and make the source and binary
readable only to root (if at all).  Actually I don't even see the need for a
master key at all; if you forget, just log in elsewhere and kill the process
with signal 9. (And stty sane < /dev/tty_whatever.)
-- 
 -------------------------------    Disclaimer:  The views contained herein are
|       dan levy | yvel nad      |  my own and are not at all those of my em-
|         an engihacker @        |  ployer, my pets, my plants, my boss, or the
| at&t computer systems division |  s.a. of any computer upon which I may hack.
|        skokie, illinois        |
 --------------------------------   Path: ..!ihnp4!ttrdc!levy
                                      or: ..!ihnp4!iheds!ttbcad!levy