Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!linus!philabs!cmcl2!seismo!harvard!godot!ima!haddock!dan
From: dan@haddock.UUCP
Newsgroups: net.unix-wizards
Subject: Re: Re: maxusers in config file (4BSD)
Message-ID: <328@haddock.UUCP>
Date: Wed, 30-Jan-85 00:26:56 EST
Article-I.D.: haddock.328
Posted: Wed Jan 30 00:26:56 1985
Date-Received: Sun, 3-Feb-85 00:44:35 EST
Lines: 20
Nf-ID: #R:mtxinu:-27400:haddock:16800034:000:1316
Nf-From: haddock!dan    Jan 29 12:51:00 1985
Xref: seismo net.unix-wizards:11721

> This will only work if the login process used actually updates
> utmp. People could get round this by writing their own /bin/login
> without this feature and hey presto no limit!

True, but there's always a way around any restriction (you could disassemble
the kernel and patch it...).  Two points.  First, the owner of the system
is bound by the license agreement that the vendor supplied with the system,
which limits the number of logins permitted.  Any owner permitting more
would be in violation of the agreement.  Second, the login change ensures
that only by becoming super-user can one violate the license restriction; the
owner can (theoretically) make sure that only trusted people can become root.
So this change amounts to making sure that if more than the agreed number of
people can log in at once, someone's violating the law.

Now, suppose the owner of the system loans it to me, and I exploit some bug in
the ATT code to become root and arrange to permit me to log in myself and
all my friends.  Who would be responsible?  I've signed no agreement, and the
owner didn't ask me to limit the number of users because he thought the system
wouldn't let me.  Would ATT be responsible, for having the bug?  Or the vendor?
This is, of course, a purely hypothetical question, since no such bug exists :-)