[2748] in Athena Bugs
register login
daemon@ATHENA.MIT.EDU (qjb@ATHENA.MIT.EDU)
Wed Aug 9 19:48:54 1989
From: <qjb@ATHENA.MIT.EDU>
Date: Wed, 9 Aug 89 19:48:34 -0400
To: bugs@ATHENA.MIT.EDU, jis@ATHENA.MIT.EDU
Cc: mar@ATHENA.MIT.EDU, qjb@ATHENA.MIT.EDU, geer@ATHENA.MIT.EDU
As has been said, the register button *SHOULD NOT* log you in as
register. This is stupid. Instead, it should run the register
client.
Well, since no one else has said this, I will.
Here is what is important:
The register client must not be run as root. It will never
exit if it is, and besides, this is too much of a security
hole.
The register client must be run with a working directory of
/mit/register or, preferably, the register script that is
run from the register locker should cd /mit/register before it
execs the userreg binary.
No kerberos tickets are needed to run register; therefore,
none should be obtained. It is quite adequate to
attach -h -n register, and run xterm -e /mit/register/register.
I think that the register locker should be moved to afs and
replicated all over the place. This makes for faster
attaching of the register filesystem (especially if -h -n is
used) and more reliable service. If this is done, the fs
checkbackups must be one of the things that is done when a user
presses the register button as occasionally things may have to
change suddenly in that locker.
When a user selects the register button, all non-standard
session buttons should be ignored. Right now, anyone can
execute any command as the user register.
Have I left anything out?
Jay
