[2072] in linux-security and linux-alert archive


[linux-security] Re: /bin/login problem

daemon@ATHENA.MIT.EDU (Rogier Wolff)
Wed Sep 9 17:45:45 1998

In-Reply-To: <19980909014749.8EC9345BC4@spike.porcupine.org> from Wietse Venema at "Sep 8, 98 09:47:49 pm"
To: wietse@porcupine.org (Wietse Venema)
Date: Wed, 9 Sep 1998 18:28:40 +0200 (MEST)
Cc: linux-security@redhat.com
From: R.E.Wolff@BitWizard.nl (Rogier Wolff)
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

Wietse Venema wrote:
> Rogier Wolff:
> > Passing the string through a pipe works (I didn't find that "obvious":
> > The sending end of the pipe was written to by the same process, which
> > just exec-ed the reading program, and the writing end of the pipe is
> > closed by the time the read is performed)
> 
> It seems much simpler to me to select the terminal for readability
> (i.e. until someone hits the ENTER key) and to notify the login
> program that it can find the name on STDIN instead of finding it
> on the command line.
> 
> The TTYPROMPT environment variable used by SYSV4 does not pass
> sensitive info via the environment; it is just a flag to notify
> the login program that the login name is available on STDIN. All
> this requires minimal change to the login program: a getenv() call
> and setting a flag to force reading STDIN upon program startup.
> 
> Yes, this means that you lose all those cutesy features of my agetty
> program. But login/getty code runs as root and is extremely security
> sensitive. Keep it simple, I'd say.
> 
> 	Wietse
> 

One of the classical "getty" features that you lose this way is
the autobauding that classical gettys perform. (i.e. read a
character, and change the baudrate whenever it's "bad")

				Roger. 

-- 
| The secret of success is sincerity. Once you can |R.E.Wolff@BitWizard.nl 
| fake that, you've got it made. -- Jean Giraudoux | phone: +31-15-2137555 
We write Linux device drivers for any device you may have! fax: ..-2138217
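
The login-side change discussed in this thread, as an added sketch that is not code from either poster or from any real login/getty: `TTYPROMPT` is treated purely as a flag, and the name is then read from STDIN with a bounded, validated read. The function names, the 32-character limit and the allowed character set are assumptions of this example; `name_via_pipe` reproduces the pipe case from the quoted text (writer closes its end before the reader reads).

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

#define NAME_MAX_LEN 32   /* assumed limit for this sketch */

/* Read one newline-terminated name from fd. Returns 0 on success, -1 if it is
 * empty, unterminated, too long, starts with '-', or has chars outside
 * [A-Za-z0-9._-] (assumed policy, not taken from the thread). */
int read_login_name(int fd, char *out, size_t outlen)
{
    size_t n = 0;
    char c;
    ssize_t r;
    while ((r = read(fd, &c, 1)) == 1 && c != '\n') {
        if (c == '\r') continue;                  /* tolerate CR from a terminal */
        if (n >= NAME_MAX_LEN || n + 1 >= outlen) return -1;
        if (!isalnum((unsigned char)c) && c != '.' && c != '_' && c != '-')
            return -1;
        out[n++] = c;
    }
    if (r != 1 || n == 0 || out[0] == '-') return -1;  /* EOF/error, empty, option-like */
    out[n] = '\0';
    return 0;
}

/* The pipe case: the same process writes the name and closes the write end;
 * the bytes stay buffered in the pipe and are still readable afterwards. */
int name_via_pipe(const char *typed, char *out, size_t outlen)
{
    int p[2], rc = -1;
    if (pipe(p) != 0) return -1;
    ssize_t w = write(p[1], typed, strlen(typed));
    close(p[1]);
    if (w == (ssize_t)strlen(typed)) rc = read_login_name(p[0], out, outlen);
    close(p[0]);
    return rc;
}

int main(void)
{
    char name[NAME_MAX_LEN + 1];
    if (getenv("TTYPROMPT") == NULL)   /* flag absent: legacy argv path, not shown */
        return 2;
    if (read_login_name(STDIN_FILENO, name, sizeof name) != 0)
        return 1;
    printf("login name: %s\n", name);
    return 0;
}
```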
