Path: utzoo!utgpu!news-server.csri.toronto.edu!mailrus!cs.utexas.edu!samsung!munnari.oz.au!bunyip!uqvax.decnet.uq.oz!wattle!cszrhodes
From: cszrhodes@qut.edu.au
Newsgroups: comp.unix.questions
Subject: help sought - securing a terminal/line
Message-ID: <13089.26b57b8d@qut.edu.au>
Date: 31 Jul 90 12:37:33 GMT
Organization: Queensland University of Technology
Lines: 44

I need to secure a terminal (under HP_UX) in such a way that, when a
person comes up and turns that terminal (and only that terminal) on,
some application program is automatically invoked (e.g. oracle).

That is, I need to develop some 'automatic terminal recognition'
software that detects a particular terminal line being activated, and
then dedicates that terminal/line to a user application.

The idea of securing the terminal is that I never want the user to
know they are even on a UNIX host. I want to completely hide the OS,
its functions, commands & file systems from the user. From this
'secure terminal' the system should be user tamper proof. Even if
their application program aborts they are not thrown back to the OS,
just simply logged off gracefully!!

e.g.
1. turning on terminal 12 in room M501 starts up 'patient result
   entry' program (written in oracle);
2. turning on terminal 5 in room M501 starts up 'patient billing'
   program (written also in oracle);
and so on....

My supervisor has suggested two approaches for tackling this problem:

a) put the user in a restricted shell if the user logs on from a
   particular terminal, and run the application that is to be
   dedicated to that terminal. i.e. secure a terminal via a
   restricted shell - I don't think this is the best solution even
   if it is possible, since for a start it doesn't hide the unix
   login prompt from the user.

b) write a terminal driver program to do all this. I believe that a
   terminal driver is the way to go.

I welcome discussion on the merits/demerits of each approach, and the
technical problems to be kept in mind when trying to develop this
software. Other solutions to this problem are also welcome.

Please e-mail your thoughts/advice/solutions to me direct. I will post
summaries of responses back to the net in due course.

regards,
tonyr