[2073] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: /bin/login problem

daemon@ATHENA.MIT.EDU (Wietse Venema)
Thu Sep 10 02:14:51 1998

To: linux-security@redhat.com
In-Reply-To: <199809091628.SAA03427@cave.BitWizard.nl> from Rogier Wolff at "Sep 9, 98 06:28:40 pm"
Date: Wed,  9 Sep 1998 13:00:04 -0400 (EDT)
From: wietse@porcupine.org (Wietse Venema)
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

Wietse Venema:
> [ having getty select the tty for readability without actually
> reading the login name from stdin]
> Yes, this means that you lose all those cutesy features of my agetty
> program [...]

Rogier Wolff:
> One of the classical "getty" features that you loose this way is 
> the autobauding that classical getty's perform. (i.e. read a
> character, and change the baudrate whenever it's "bad")

True, however with today's speed-buffering modems this behavior
can be undesirable. At least I haven't needed speed switching in
my agetty program since I hooked up a ZyXEL modem in 1991 or so.

One also loses detection of parity, erase and kill characters.
Loss of parity detection can be a problem with 7-bit terminal
settings. So it seems best to preserve getty functionality.

Does LINUX have the moral equivalent of the TIOCSTI ioctl() call
(simulate tty input)? If so, that could be used by (a)getty to
stuff the login name back after reading it, so that /bin/login can
pick it up from STDIN.

[mod: Yes. -- REW]

	Wietse

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null


home help back first fref pref prev next nref lref last post