Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site ttrdc.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!mhuxr!mhuxn!ihnp4!mgnetp!ltuxa!ttrdc!levy
From: levy@ttrdc.UUCP (Daniel R. Levy)
Newsgroups: net.unix
Subject: Re: Alternate Shells
Message-ID: <386@ttrdc.UUCP>
Date: Wed, 28-Aug-85 13:35:48 EDT
Article-I.D.: ttrdc.386
Posted: Wed Aug 28 13:35:48 1985
Date-Received: Sat, 31-Aug-85 03:29:18 EDT
References: <49600007@convexs> <10672@Glacier.ARPA> <275@uwvax.UUCP>
Organization: AT&T, Computer Systems Division, Skokie, IL
Lines: 38

In article <275@uwvax.UUCP>, david@wisc-rsch.arpa (David Parter) writes:
>> Next joke, please.  Suffice it to say that "lock" isn't nearly as
>> secure as it might lead you to believe.  This probably isn't the
>> place to go into the details of why, but I wouldn't trust the
>> standard "lock" to protect anything I valued.
>
>>                                      Doug Hosking
>
>possible solutions:
>       1) don't leave your terminal (logged in) alone.
>       2) fix lock, if you need a secure locking mechanism for yourself
>          or your users. We have made some fixes to it.
>
>david
>--
>david parter
>UWisc Systems Lab
>
>uucp: ...!{allegra,harvard,ihnp4,seismo, topaz}!uwvax!david
>arpa now: david@wisc-rsch.arpa
>arpa soon: david@wisc-rsch.WISCONSIN.EDU or something like that

I didn't see the original (Hosking) so I am replying to this one.  The key
to the extant lock can be pried by anyone who has access to the source code,
or who can do a strings on the binary.  It's an open secret, and I'm sure
every hacker from Maine to California knows it.  If you MUST have a master
key to lock, change it from the default and make the source and binary
readable only to root (if at all).  Actually I don't even see the need for
a master key at all; if you forget, just log in elsewhere and kill the
process with signal 9.  (And stty sane < /dev/tty_whatever.)
--
 -------------------------------     Disclaimer:  The views contained herein are
|       dan levy | yvel nad      |   my own and are not at all those of my em-
|         an engihacker @        |   ployer, my pets, my plants, my boss, or the
| at&t computer systems division |   s.a. of any computer upon which I may hack.
|        skokie, illinois        |
 --------------------------------    Path: ..!ihnp4!ttrdc!levy
                                       or: ..!ihnp4!iheds!ttbcad!levy
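
What "a strings on the binary" amounts to, as an added example that is not part of the original post: a minimal C scan for printable runs, the kind of check a site could run over its own build of lock to confirm that no key is compiled in. The sample bytes, the placeholder key value and the function name are constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for part of a compiled lock binary: machine bytes
 * surrounding a compiled-in master key (placeholder value, not a real key). */
static const unsigned char sample_image[] =
    "\x7f" "ELF\x01\x01\x00\x00\x8b\x45\xfc\x00"
    "Key: \x00\x00\xc3\x90"
    "CONSTRUCTED-MASTER-KEY\x00"
    "\x55\x89\xe5\x00" "locked\n\x00";

/* Walk buf the way strings(1) does: every run of >= min_len printable bytes
 * counts as one string. Returns the offset at which `needle` sits inside
 * such a run, or -1; *nruns receives the number of runs seen. */
static long find_in_runs(const unsigned char *buf, size_t n, size_t min_len,
                         const char *needle, size_t *nruns)
{
    size_t start = 0, klen = strlen(needle);
    long hit = -1;

    *nruns = 0;
    for (size_t i = 0; i <= n; i++) {
        if (i < n && isprint(buf[i]))
            continue;                     /* still inside a printable run */
        size_t len = i - start;           /* run is buf[start .. i)       */
        if (len >= min_len) {
            (*nruns)++;
            for (size_t j = 0; hit < 0 && j + klen <= len; j++)
                if (memcmp(buf + start + j, needle, klen) == 0)
                    hit = (long)(start + j);
        }
        start = i + 1;
    }
    return hit;
}

int main(void)
{
    size_t nruns;
    long off = find_in_runs(sample_image, sizeof sample_image, 4,
                            "CONSTRUCTED-MASTER-KEY", &nruns);

    printf("%zu printable runs of 4+ bytes\n", nruns);
    if (off >= 0)
        printf("key is readable in the image at offset %ld\n", off);
    return off >= 0;   /* non-zero exit: this build embeds the key */
}
```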