Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!rutgers!ucla-cs!sdcrdcf!psivax!rdlvax!salzman From: salzman@rdlvax.UUCP (Gumby) Newsgroups: comp.unix.wizards,comp.unix.questions Subject: Re: Modem hangup difficulties under 4.3BSD on a VAX Message-ID: <90@rdlvax.UUCP> Date: Tue, 21-Apr-87 02:48:19 EST Article-I.D.: rdlvax.90 Posted: Tue Apr 21 02:48:19 1987 Date-Received: Wed, 22-Apr-87 03:40:46 EST References: <4183@nsc.nsc.com> Reply-To: salzman@rdlvax.UUCP (Gumby) Organization: Research Development Labs, Culver City, CA. Lines: 64 Keywords: hayes modems 4.3bsd hangup dialin security Summary: a possible solution with extra benefits! Xref: mnetor comp.unix.wizards:1989 comp.unix.questions:2002 In article <4183@nsc.nsc.com> tron@nsc.nsc.com (Ronald S. Karr) writes: >At nsc we have noticed a problem with our modem lines which is becoming >quite annoying. When somebody leaves a process in background and then >logs out the modem does not hangup. Then, when another call comes in on >that modem it does not answer. Everything seems to work correctly when >no background processes remain. I have a solution to that problem that's been working well for a while, and has an added benefit: dialin security! It runs on a VAX 11/780 4.2bsd, should be pretty much the same on 4.3bsd.... The original intent was to provide extra security to dialin lines without hacking /bin/login itself (since I don't have source liscense :-(. It lies between getty and login and prompts for an additional password for dialin access and then fork()'s and exec()'s /bin/login. It maintains a very extensive log of ALL attempts to access the dialin lines, good or bad - which can easily be fed to awk for a nice report. Also multiple attempts are not allowed and the line is locked out to the same user name for a set period of time (or until root unlocks it). Now, for the solution to the problem: as I said, it fork()'s and exec()'s login, it doesn't just exec() it, meaning that when login finishes (i.e. when your shell exit()'s since it's execed from login) it makes an entry in the log file and forces a hangup on the line: tty.sg_ispeed = tty.sg_ospeed = 0; ioctl(0,TIOCSETP, &tty); /* HANG IT UP!! */ Get the idea? You always hangup, period, no matter what's running in the background. It has no adverse effects on background processes either, at least that I know of. I commonly run makes in the background and logout with no problems. If my line gets interrupted for any reason (somone calls and my call waiting hangs it - i HATE that :-), SIGHUP gets sent to all the children as it should and any forground process I have will get taken care of properly also.... I don't know if forking login as opposed to execing login has any wierd effects - I have yet to see any. I'd like to hear what some of the Guru's out there think of this.... Anyway, if anyone's interested in this stuff, e-mail me. If I get enough responses, I will clean it up and pack it off to mod.sources (or is it now comp.sources.unix), or net.sources, or I'll just mail to those interested if I get a few responses. Any thoughts on dialin security and other solutions are appreciated (those that don't involve hacking /bin/login). By the way I happen to believe that this one can't be cracked. If someone would like to try cracking it, I'll send them a copy... If it can be cracked, I'd like to know how, so I can fix it! :-) -Isaac Salzman. -- * Isaac Salzman - Systems Analyst ---- * Research Development Labs (RDL) /o o/ / * 5721 W. Slauson Ave. | v | | * Culver City, California, 90230 _| |_/ * AT&T: +1 213 410 1244, x118 / | | * UUCP: ...!{psivax,csun,sdcrdcf,ttidca}!rdlvax!salzman | | | * ARPA: rdlvax!salzman@SEISMO.CSS.GOV | |