Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site utah-gr.UUCP
Path: utzoo!linus!decvax!genrad!mit-eddie!godot!harvard!seismo!utah-cs!utah-gr!thomas
From: thomas@utah-gr.UUCP (Spencer W. Thomas)
Newsgroups: net.unix-wizards
Subject: Re: Why you shouldn't chmod 500 /bin/login
Message-ID: <1250@utah-gr.UUCP>
Date: Wed, 21-Nov-84 01:55:16 EST
Article-I.D.: utah-gr.1250
Posted: Wed Nov 21 01:55:16 1984
Date-Received: Thu, 22-Nov-84 08:25:59 EST
References: <5807@brl-tgr.ARPA> <269@ut-sally.UUCP> <1173@orca.UUCP>
Reply-To: thomas@utah-gr.UUCP (Spencer W. Thomas)
Organization: Univ of Utah CS Dept
Lines: 37
Summary:

In article <1173@orca.UUCP> andrew@orca.UUCP (Andrew Klossner) writes:
>
>The big win of the builtin shell "login" command is that it logs me out
>and lets you log in without hanging up the modem line.  If you chmod
>500 /bin/login, then the line will drop when exec("/bin/login") fails.
>Inconvenient.

An easy fix (if you have source) is to have /bin/login check if its
ppid == 1, and exit if not.  Foils those recursive logins right away.
Still doesn't protect against the password collectors, though.

If you don't have source, compile the little program below (call it
./login) and

	mv /bin/login /etc/login; chmod 500 /etc/login
	cp ./login /bin/login
	chmod 777 /bin/login; chmod u+s /bin/login

/*
 * Quick hack to prevent recursive logins.  Install as /bin/login, after
 * copying /bin/login to /etc/login (mode 500).  Must be setuid root.
 *
 * NOTE and DISCLAIMER - this is completely untested, I haven't even
 * compiled it.
 */
#include <stdio.h>	/* fprintf, perror */
#include <stdlib.h>	/* exit */
#include <unistd.h>	/* getppid, execv */

int
main( int argc, char **argv )
{
	/* A login started by init has parent pid 1; anything else is recursive. */
	if ( getppid() != 1 )
	{
		fprintf( stderr, "Can't do recursive logins\n" );
		exit( 1 );
	}
	/* Hand off to the real login, passing the arguments through unchanged. */
	execv( "/etc/login", argv );
	/* execv only returns on failure. */
	perror( "Can't exec login" );
	exit( 1 );
}
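
Added example, not part of the original post: a small C audit of the two-file layout the post describes, checking that the wrapper at /bin/login is setuid root and not writable by group or others, and that the real login at /etc/login is root-owned with no group or other access. The function names and finding flags are assumptions of this example; mode 777 plus u+s, as typed in the post, gives 4777, which the wrapper check reports as writable by others.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Finding flags (names are this example's own, not from the post). */
enum {
    F_NOT_ROOT_OWNED  = 1 << 0,  /* owner is not uid 0 */
    F_NOT_SETUID      = 1 << 1,  /* wrapper could not exec the mode-500 login */
    F_WRITABLE_OTHERS = 1 << 2,  /* group or world may overwrite the file */
    F_OPEN_TO_OTHERS  = 1 << 3   /* real login reachable without the wrapper */
};

/* Wrapper (/bin/login in the post): setuid root, writable by owner only. */
unsigned check_wrapper(mode_t mode, uid_t uid)
{
    unsigned f = 0;
    if (uid != 0)                   f |= F_NOT_ROOT_OWNED;
    if (!(mode & S_ISUID))          f |= F_NOT_SETUID;
    if (mode & (S_IWGRP | S_IWOTH)) f |= F_WRITABLE_OTHERS;
    return f;
}

/* Real login (/etc/login in the post): root-owned, no group/other bits. */
unsigned check_real_login(mode_t mode, uid_t uid)
{
    unsigned f = 0;
    if (uid != 0)                   f |= F_NOT_ROOT_OWNED;
    if (mode & (S_IWGRP | S_IWOTH)) f |= F_WRITABLE_OTHERS;
    if (mode & (S_IRWXG | S_IRWXO)) f |= F_OPEN_TO_OTHERS;
    return f;
}

/* stat() one path and print its permission bits, owner and findings. */
static void report(const char *path, unsigned (*check)(mode_t, uid_t))
{
    struct stat st;
    if (stat(path, &st) != 0) { perror(path); return; }
    printf("%s mode %04o uid %ld findings 0x%x\n", path,
           (unsigned)(st.st_mode & 07777), (long)st.st_uid,
           check(st.st_mode, st.st_uid));
}

int main(void)
{
    report("/bin/login", check_wrapper);      /* paths as given in the post */
    report("/etc/login", check_real_login);
    return 0;
}
```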