Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1a 12/4/83; site rlgvax.UUCP
Path: utzoo!watmath!clyde!burl!mgnetp!ihnp4!mhuxl!houxm!houxz!vax135!cornell!uw-beaver!tektronix!hplabs!hao!seismo!rlgvax!guy
From: guy@rlgvax.UUCP (Guy Harris)
Newsgroups: net.unix-wizards
Subject: RE: Why does the S5 init run "/bin/su" in single-user mode
Message-ID: <2050@rlgvax.UUCP>
Date: Sat, 23-Jun-84 13:20:11 EDT
Article-I.D.: rlgvax.2050
Posted: Sat Jun 23 13:20:11 1984
Date-Received: Thu, 28-Jun-84 00:38:33 EDT
References: <265@rna.UUCP>
Organization: CCI Office Systems Group, Reston, VA
Lines: 21

> Hi,
> 	One reason I might do such a thing is to prevent passers-by from
> booting the system and getting a root shell. On my system, I replaced
> init's call to /bin/sh to /bin/login to achieve the same thing. I felt that
> the rare chance that /bin/login, /etc/passwd were corrupted but NOT /bin/sh
> was small compared to the value of not being able to get an easy root shell.

Unfortunately, if the "su" process' UID is root, it won't ask for a password.
This is nice in that it allows "root" to easily "su" to anybody, but it means
that "/bin/su" won't ask for a password, so you'll still be able to boot
the system and get a root shell.

If I remember correctly, most PDP-11 and VAX-11 processors have keyswitches
which can be put in a "disable" position that keeps anybody from rebooting
them.  If the key is left in the processor, a passerby can shut your machine
down even if they can't reboot and get a root shell.  Our micros have a
keyswitch which controls the "boot" button, so again without a key a user
can't do much.

	Guy Harris
	{seismo,ihnp4,allegra}!rlgvax!guy