Path: utzoo!attcan!uunet!samsung!zaphod.mps.ohio-state.edu!wuarchive!mit-eddie!bloom-beacon!eru!hagbard!sunic!news.funet.fi!funic!santra!fuug!demos!avg
From: avg@hq.demos.su (Vadim G. Antonov)
Newsgroups: comp.unix.internals
Subject: Re: Finding Passwords
Message-ID: <1990Oct7.155203.13283@hq.demos.su>
Date: 7 Oct 90 15:52:03 GMT
References: <8685@mirsa.inria.fr> <12438:Oct223:00:3290@kramden.acf.nyu.edu> <651@puck.mrcu> <21948:Oct606:29:2890@kramden.acf.nyu.edu> <52347@brunix.UUCP>
Reply-To: avg@hq.demos.su (Vadim G. Antonov)
Organization: DEMOS, Moscow, USSR
Lines: 25

Hi!

I think the problem of login trojan horses has a quite simple
solution:

1) There should be an UNMASKABLE method of killing all programs
   reading this terminal. It may be a predefined sequence of
   characters or a special hardware signal like BREAK or
   CARRIER DROP. This feature should be hard-coded in the TTY driver.

2) All processes associated with a TTY should be killed
   (as SIGHUP does) and protected processes should be
   RE-ASSOCIATED with a unique TTY-id (which actually does not
   exist).

Each user SHOULD enter the unmaskable sequence before login
(I think the login program must check that this seq was
entered to force lusers to use it).

Seems to me an appropriate hack is about 20 lines in a kernel and
getty.

Vadim Antonov
DEMOS, Moscow, USSR
(It is NOT a joke!)
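
The scheme in the post above, modelled as an added example that is not part of the original post and is not kernel code. The struct layouts, function names and the NO_TTY value are hypothetical, and clearing the flag after each login attempt is an assumption.

```c
/* Toy model of the scheme in the post; not kernel code, all names hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define NO_TTY (-1)   /* stands in for the TTY-id "which actually does not exist" */
struct proc { int pid; int tty; bool is_protected; bool alive; };
struct tty  { int id; bool sak_seen; };

/* Driver side, run on the attention sequence; no process is consulted, so none can mask it. */
int tty_attention(struct tty *t, struct proc *tab, size_t n) {
    int killed = 0;
    for (size_t i = 0; i < n; i++) {
        if (!tab[i].alive || tab[i].tty != t->id)
            continue;
        if (tab[i].is_protected) {
            tab[i].tty = NO_TTY;      /* survives, detached from the terminal */
        } else {
            tab[i].alive = false;     /* killed, as SIGHUP would do */
            killed++;
        }
    }
    t->sak_seen = true;               /* remembered so login can check it */
    return killed;
}

/* Login side: refuse to prompt unless the sequence came first.
 * Clearing the flag per attempt is an assumption, not from the post. */
bool login_may_prompt(struct tty *t) {
    bool ok = t->sak_seen;
    t->sak_seen = false;
    return ok;
}

/* Live processes still attached to this terminal. */
int tty_readers(const struct tty *t, const struct proc *tab, size_t n) {
    int c = 0;
    for (size_t i = 0; i < n; i++)
        c += tab[i].alive && tab[i].tty == t->id;
    return c;
}

int main(void) {   /* constructed scenario: fake login prompt (pid 101) on tty 3 */
    struct tty t = { 3, false };
    struct proc tab[] = { {101, 3, false, true}, {102, 3, true, true}, {103, 4, false, true} };
    int killed = tty_attention(&t, tab, 3);
    printf("killed=%d readers=%d\n", killed, tty_readers(&t, tab, 3));
    return 0;
}
```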