Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!usc!wuarchive!uunet!mcsun!ukc!keele!csd35
From: csd35@seq1.keele.ac.uk (Jonathan Knight)
Newsgroups: comp.unix.admin
Subject: Re: Security in SunOS
Message-ID: <900@keele.keele.ac.uk>
Date: 21 Feb 91 15:51:29 GMT
References: <1991Feb20.155250.18960@pcserver2.naitc.com>
Organization: University of Keele, England
Lines: 14

> In article <784@jt.dk> erl@jt.dk (Erik B. Larsen) writes:
>>I've noticed af security-hole in SunOS (maybe).
>>If you have a diskless workstation mounted on af server, and they are running
>>NIS, then of cource you only have one entry for root (on the server).

You can remove the 'secure' option for console in /etc/ttytab and then
you won't get a shell.  Instead you'll get a demand for a password.


-- 
  ______    JANET :jonathan@uk.ac.keele.cs     Jonathan Knight,
    /       BITNET:jonathan%cs.kl.ac.uk@ukacrl Department of Computer Science
   / _   __ other :jonathan@cs.keele.ac.uk     University of Keele, Keele,
(_/ (_) / / UUCP  :...!ukc!kl-cs!jonathan      Staffordshire.  ST5 5BG.  U.K.