Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.2 9/18/84; site brl-tgr.ARPA
Path: utzoo!watmath!clyde!burl!ulysses!allegra!bellcore!decvax!genrad!panda!talcott!harvard!seismo!brl-tgr!tgr!phil@RICE.ARPA
From: phil@RICE.ARPA (William LeFebvre)
Newsgroups: net.unix-wizards
Subject: Re: disallowing dialup logins for root
Message-ID: <8396@brl-tgr.ARPA>
Date: Thu, 21-Feb-85 05:25:46 EST
Article-I.D.: brl-tgr.8396
Posted: Thu Feb 21 05:25:46 1985
Date-Received: Tue, 26-Feb-85 08:23:49 EST
Sender: news@brl-tgr.ARPA
Lines: 26

> here's down!/.profile, written by pat parseghian, bowdlerized by me:
>
>     trap exit 1 2 3 15
>     if [ "`tty`" != "/dev/console" ]
>     then
>         echo "root must log in on the console"
>         exit 1
>     fi
>     trap 1 2 3 15
>
> there is probably a narrow window of vulnerability here.

Don't know about Bell systems, but this functionality is already built into
Berkeley's login.c. It checks a file called /etc/securetty whenever root logs
in. It will only allow root logins on the ttys listed in that file. If the
file doesn't exist, then it will let root log in anywhere.

About the only thing you can't do with this mechanism is print an informative
message (like "root must log in on the console"), but I don't think that's all
that big a loss. There is also no "window of vulnerability" in this scheme.

This is documented (although rather briefly) on the manual page for login(1).

William LeFebvre
Department of Computer Science
Rice University
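The two policies discussed in the thread, as an added illustration that is not part of the original posts or of Berkeley's login.c: a function that applies the /etc/securetty rule as the reply describes it (file absent means no restriction, otherwise root is allowed only on the ttys listed), next to the .profile-style console test from the quoted message. The securetty file and tty names below are constructed sample data in a temporary directory, not a real system's configuration.

```sh
#!/bin/sh
# Added example; models the securetty policy described in the reply.
#   securetty file absent  -> root may log in on any tty
#   securetty file present -> root may log in only on ttys listed in it
# Usage: root_login_allowed TTY SECURETTY_FILE ; exit status 0 = allowed.
root_login_allowed() {
    tty_name=$1
    securetty=$2
    # No file means no restriction, as the reply states.
    [ -f "$securetty" ] || return 0
    # Entries are bare tty names ("console", "tty00"), so compare the
    # basename of the device path against each line of the file.
    base=$(basename "$tty_name")
    while IFS= read -r line || [ -n "$line" ]; do
        [ "$line" = "$base" ] && return 0
    done < "$securetty"
    return 1
}

# The .profile approach from the quoted message, for comparison. It only
# runs once the root shell has already started, which is the "window"
# the quoted poster worries about; the login(1) check happens before that.
profile_style_check() {
    [ "$1" = "/dev/console" ]
}

# Constructed demo data under a temporary directory (hypothetical paths).
demo() {
    dir=$(mktemp -d)
    printf 'console\ntty00\n' > "$dir/securetty"
    for t in /dev/console /dev/tty00 /dev/ttyd1; do
        if root_login_allowed "$t" "$dir/securetty"; then
            echo "$t: root login allowed"
        else
            echo "$t: root login refused"
        fi
    done
    # With no securetty file at all, every tty is allowed.
    root_login_allowed /dev/ttyd1 "$dir/no-such-file" \
        && echo "no securetty file: root login allowed anywhere"
    rm -rf "$dir"
}

demo
```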