Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA
Path: utzoo!linus!philabs!cmcl2!seismo!brl-tgr!tgr!sienkiew@udel-huey
From: sienkiew@udel-huey
Newsgroups: net.unix-wizards
Subject: Re: UNIX source vs. binary (NOT A LEGAL ARGUMENT)
Message-ID: <8346@brl-tgr.ARPA>
Date: Wed, 20-Feb-85 12:01:54 EST
Article-I.D.: brl-tgr.8346
Posted: Wed Feb 20 12:01:54 1985
Date-Received: Sun, 24-Feb-85 04:20:39 EST
Sender: news@brl-tgr.ARPA
Organization: Ballistic Research Lab
Lines: 29


>trap exit 1 2 3 15
>if [ "`tty`" != "/dev/console" ]
>then
>	echo "root must log in on the console"
>	exit 1
>fi
>trap 1 2 3 15
>
>there is probably a narrow window of vulnerability here.  

The window is small, but it is there. If you put in .profile only the line

bye

it is still possible to log in to that account.  By repeatedly hitting
interrupt after typing your password, you have a chance of catching 
sh between it's signal() call and the execution of the first command.
I know this because this is exactly what someone did to me when I was
a novice Unix user.  (This was on seventh edition unix.)

This same characteristic exists in HP-UX (a derivative of System III),
but I was unable to duplicate it with csh.

You might want to just rewrite login for your site--it's really a pretty
trivial program, and well worth it if the security is that important to
you.

				Mark.