[2069] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: /bin/login problem

daemon@ATHENA.MIT.EDU (Rogier Wolff)
Sun Sep 6 22:20:18 1998

To: linux-security@redhat.com
Date: Fri, 4 Sep 1998 23:21:29 +0200 (MEST)
From: R.E.Wolff@BitWizard.nl (Rogier Wolff)
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com


Eric Dedrick wrote:
[...]
> login:  mistake
[...]
> a ps will show, among other things,
> 
> 2333 /bin/login --mistake.
> 
> Since some users accidentally type their password at the login prompt,
> this is a concern.

Some people are writing linux security and suggesting that login could
rewrite its argv to fix this. However even if the string is just
momentarlily visible, it should be considered a serious problem.

What we need to do is change the interface between getty and login.
But backward compatibility is also an issue. 

For example we could do the following:

An adapted login can rewrite its argv as soon as possible. This to
remain compatible with getty's that don't know about the newer
interface. 

If a new login finds "no_such_user" as its argument, it reads the
login name from an environment variable instead of from the argument
vector.

A getty needs to be configurable to do the new or the old stuff.




Anybody have a few spare hours on his hands?


					Roger.


-- 
| The secret of success is sincerity.  Once you can |  R.E.Wolff@BitWizard.nl 
| fake that, you've got it made.  -- Jean Giraudoux |       T: +31-15-2137555 
-We write Linux device drivers for any device you may have! Call for a quote-

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post