Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!rutgers!labrea!jade!eris!chapman
From: chapman@eris.BERKELEY.EDU (Brent Chapman)
Newsgroups: comp.unix.questions
Subject: Re: Async terminal as console on a Sun
Message-ID: <4901@jade.BERKELEY.EDU>
Date: Thu, 27-Aug-87 02:03:39 EDT
Article-I.D.: jade.4901
Posted: Thu Aug 27 02:03:39 1987
Date-Received: Sat, 29-Aug-87 08:53:12 EDT
References: <306@pvab.UUCP> <26419@sun.uucp> <4341@elroy.Jpl.Nasa.Gov> <2363@vdsvax.steinmetz.UUCP>
Sender: usenet@jade.BERKELEY.EDU
Reply-To: chapman@eris.BERKELEY.EDU (Brent Chapman)
Organization: UNIXversity of California at Berkeley
Lines: 30

In article <2363@vdsvax.steinmetz.UUCP> barnett@vdsvax.steinmetz.UUCP (Bruce G Barnett) writes:
#In article <4341@elroy.Jpl.Nasa.Gov> david@elroy.Jpl.Nasa.Gov (David Robinson) writes:
#|This brings up a problem that exists with Suns that I have.  The Suns
#|are inherently insecure because anyone using a 3/50 can just
#|power off the machine and reboot it in single user mode and become
#|root.

#The solution we use here is to add
#
#	login root
#
#to  /.profile

I don't think this is sufficient, because if 'login' exits (in the case of a
timeout, or whatever), the execution of /.profile continues as normal.  So
all you need to do to beat this installation is to wait sixty seconds for the
login to timeout...  The solution, of course, is to put "/etc/halt" as the
next line in the /.profile after the "login root".  That way, if the login 
times out, the system just halts.  You might also want to add traps for 
interrupts to the /.profile, to prevent someone from interrupting the /.profile
execution before it reaches the "login root" line (tricky, I know, but possible
none the less).


-Brent
--
Brent Chapman				Senior Programmer/Analyst
chapman@mica.berkeley.edu		Capital Market Technology, Inc.
ucbvax!mica!chapman			1995 University Ave., Suite 390
Phone: 415/540-6400			Berkeley, CA  94704