Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!cmcl2!rutgers!labrea!jade!eris!chapman
From: chapman@eris.BERKELEY.EDU (Brent Chapman)
Newsgroups: comp.unix.questions
Subject: Re: Security on Suns (was: Async terminal as console on a Sun)
Message-ID: <4900@jade.BERKELEY.EDU>
Date: Thu, 27-Aug-87 01:58:24 EDT
Article-I.D.: jade.4900
Posted: Thu Aug 27 01:58:24 1987
Date-Received: Sat, 29-Aug-87 08:53:00 EDT
References: <306@pvab.UUCP> <26419@sun.uucp> <4341@elroy.Jpl.Nasa.Gov> <4946@columbia.edu>
Sender: usenet@jade.BERKELEY.EDU
Reply-To: chapman@eris.BERKELEY.EDU (Brent Chapman)
Organization: UNIXversity of California at Berkeley
Lines: 59

In article <4946@columbia.edu> dupuy@amsterdam.columbia.edu (Alexander Dupuy) writes:
>In article <4341@elroy.Jpl.Nasa.Gov> (David Robinson) writes:
>>This brings up a problem that exists with Suns that I have. The Suns
>>are inherently insecure because anyone using a 3/50 can just
>>power off the machine and reboot it in single user mode and become
>>root.
>>
>When a Sun comes up (whether in single- or multi- user mode) the first thing
>/etc/init does is to run a script called /etc/rc.boot. In this script, it is
>possible to determine whether the machine is being brought up in single- or
>multi- user mode. A simple password checking program could be used to prevent
>unauthorized single user boots.
>
>[/bin/access uses getpass, crypt, getpwdent, etc. and is left as an exercise
> for the reader.]
>
>Alternately, (or in addition to this) another approach can be taken. After the
>rc.boot script is finished, a root /bin/sh is started. This (Bourne) shell
>reads the file /.profile which can also tell whether this is a normal root
>login, or a single-user boot. In the latter case, a password check could be
>enforced.

Using "login root" is much simpler than having to write your own "access"
program, and works about as well.

I've significantly hacked the /etc/rc* and /.profile files on my Suns to do
two things: automatically execute scripts in single-user mode, and ask for a
root password on single-user boots.

If the machine is booted single user (or "shutdown" to single user mode) and
a file called "/single_user" exists and is less than a certain amount of time
old (1 day? 1 hour? I don't remember), that file is executed, then moved to
"/single_done". This allows me to do things like automatic unattended dumps
by creating a file "/single_user" that has the necessary commands for the
dump, then doing a "shutdown". When the single-user shell exits, the boot
sequence continues, and the system comes (back) up multi-user. [The idea for
this was taken from some stuff on autodumps posted a while back, but I've
modified and simplified what was posted quite a bit.]

If the machine is booted single-user, a file called "/singleuserboot" is
created (this is done in /etc/rc.boot). If the test for the automatic
single-user script ("/single_user") in /.profile, outlined above, fails, then
the existence of "/singleuserboot" is checked for. If it's there, the system
does a "login root". If the login fails (timed out, wrong password,
whatever), the system halts. If the login succeeds, a csh is brought up
for root (I prefer csh), and the /.cshrc erases the "/singleuserboot". I
probably should do traps for interrupts in /.profile, but I haven't bothered
to figure that out yet. When I exit the csh, the boot sequence continues,
just as it would normally.

Anyway, any reasonably bright sysadmin should be able to implement something
like this to suit their system's needs.

-Brent
--
Brent Chapman                   Senior Programmer/Analyst
chapman@mica.berkeley.edu       Capital Market Technology, Inc.
ucbvax!mica!chapman             1995 University Ave., Suite 390
Phone: 415/540-6400             Berkeley, CA 94704
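
The /.profile decision logic described in the post above, as an added sketch in present-day POSIX sh; it is not part of the original article and not Brent Chapman's actual files. Assumptions: the 60-minute age limit (the post does not recall the real one), the ownership and write-permission checks on "/single_user", and the hypothetical root prefix, LOGIN_CMD and HALT_CMD hooks that let the logic be exercised outside a real boot.

```shell
#!/bin/sh
# Added sketch, not Brent Chapman's files. The root prefix argument and the
# LOGIN_CMD / HALT_CMD variables are hypothetical hooks for testing.

# Print what a root Bourne shell should do on startup:
#   autorun - a fresh, safely-permissioned <root>/single_user exists
#   login   - <root>/singleuserboot exists: demand the root password
#   normal  - ordinary root login
single_user_action() {
    root=$1
    max_age_min=${2:-60}   # assumed; the post does not recall the real limit
    job=$root/single_user
    # Honour the job only if it is a recent regular file, owned by the
    # invoking user (root at boot) and not group- or world-writable.
    # (-mmin is a GNU/BSD find extension, not available on 1987 SunOS.)
    if [ -n "$(find "$job" -prune -type f -user "$(id -u)" \
               -mmin "-$max_age_min" ! -perm -020 ! -perm -002 \
               -print 2>/dev/null)" ]; then
        echo autorun
    elif [ -e "$root/singleuserboot" ]; then
        echo login
    else
        echo normal
    fi
}

# Act on the decision, as /.profile would.
run_profile() {
    root=$1
    # Ignore keyboard interrupts so ^C cannot skip the password check
    # (the trap the post says is still missing).
    trap '' INT QUIT
    case $(single_user_action "$root") in
    autorun)
        sh "$root/single_user"
        mv "$root/single_user" "$root/single_done" ;;
    login)
        if "${LOGIN_CMD:-login}" root; then
            rm -f "$root/singleuserboot"   # the post does this in /.cshrc
        else
            "${HALT_CMD:-halt}"            # failed or timed-out login: halt
        fi ;;
    esac
}
```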