Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!ll-xn!mit-eddie!uw-beaver!tektronix!tekgen!puffin!penguin!richl
From: richl@penguin.UUCP
Newsgroups: comp.unix.questions
Subject: Making a secure console (was: Async terminal as console on a Sun)
Message-ID: <80@puffin.USS.TEK.COM>
Date: Sat, 12-Sep-87 02:05:44 EDT
Article-I.D.: puffin.80
Posted: Sat Sep 12 02:05:44 1987
Date-Received: Sun, 13-Sep-87 07:46:18 EDT
References: <2363@vdsvax.steinmetz.UUCP> <418@hubcap.UUCP>
Sender: nobody@puffin.USS.TEK.COM
Reply-To: richl@penguin.USS.TEK.COM (Rick Lindsley)
Organization: Tektronix, Inc., Beaverton, OR.
Lines: 67

david@elroy.Jpl.Nasa.Gov (David Robinson) writes:
> This brings up a problem that exists with Suns that I have. The Suns
> are inherently insecure because anyone using a 3/50 can just
> power off the machine and reboot it in single user mode and become
> root.

It has been suggested that "login root" be added to /.profile, and
several people have pointed out the problem in that. I proposed a
solution in the Sun-Spots mailing list which I'll again offer here.

My /.profile on my Sun 3/50 looks like:

    stty erase ^H kill ^U
    PATH=/etc:/usr/etc:/usr/ucb:/bin:/usr/bin:/local
    export PATH TERM
    if [ "`tty`" = /dev/console ]
    then
        # ignore keyboard interrupt (2) and quit (3) while checking
        trap '' 2 3
        ok=no
        while [ $ok = no -a -f /local/chkpass ]
        do
            /local/chkpass root
            case $? in
                0) ok=yes;;
                1) echo Sorry;;
                2) echo Something\'s wrong with passwd\; I\'ll allow you this time.
                   ok=yes ;;
                3) echo chkpass improperly invoked\; allowing root for now....
                   ok=yes;;
                *) echo unknown error status from chkpass\; allowing root for now ...
                   ok=yes;;
            esac
        done
        # restore default handling of signals 2 and 3
        trap 2 3
    fi

To do this requires that a copy of /usr/bin/tty be placed in /local,
and that of course /local be part of /, not a mounted file system. If
you don't mind having to supply root's password twice on an su, I guess
you wouldn't even have to do that.

Chkpass is a simple program which blocks keyboard-generated interrupts
and grabs a password. It has the advantage of possibly being simple
enough to even make it useful for other shell script situations. It
returns 0 if the password is correct, 1 if not, 2 if it can't find
/etc/passwd, and 3 if there was a usage problem. It also has the
advantage that you could, conceivably, ask for a password other than
root's. It does NOT tell whose password it is asking for; the person
rebooting had better know that.

This provides security for my 3/50 without having to have sources to
init. Which, coincidentally enough, I don't. If you forget root's
password, you will only be able to come up multi-user. If you can't for
some reason (fsck fails, maybe), then you will need a miniroot. But that
seems a small price, to me. You're normally up a creek without a paddle
anyway when you forget root's password.

I'll be happy to send chkpass to anyone that wants it; if I'm deluged
I'll post it to one of the moderated source newsgroups. It's tiny; the
man page is longer than the program source.

Rick
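
Added example, not part of Rick Lindsley's post and not his chkpass: the /.profile loop above grants the root shell when /local/chkpass is absent or exits with 2, 3 or any unknown status, so this sketch shows the same gate written to deny in those cases and to stop after a bounded number of wrong passwords. The function name console_gate, the MAX_TRIES argument, its return codes and the stub checkers are assumptions made for illustration; the trade-off is that a broken checker then locks the single-user console.

```shell
#!/bin/sh
# console_gate CHECKER USER [MAX_TRIES]   (hypothetical helper name)
# CHECKER follows the exit-status contract described in the post:
#   0 correct, 1 wrong password, 2 cannot find /etc/passwd, 3 usage problem.
# Returns 0 = allow, 1 = denied after MAX_TRIES wrong passwords,
#         2 = denied because the checker is missing or failed.
console_gate() {
    checker=$1 user=$2 max=${3:-3} tries=0
    # A missing checker is treated as a denial, not as "skip the check".
    if ! command -v "$checker" >/dev/null 2>&1; then
        echo "gate: $checker not found; denying" >&2
        return 2
    fi
    trap '' 2 3                      # ignore INT and QUIT while prompting
    while [ "$tries" -lt "$max" ]; do
        tries=$((tries + 1))
        status=0
        "$checker" "$user" || status=$?
        case $status in
            0) trap - 2 3; return 0 ;;
            1) echo Sorry >&2 ;;
            *) echo "gate: checker exit status $status; denying" >&2
               trap - 2 3; return 2 ;;
        esac
    done
    trap - 2 3                       # restore default signal handling
    return 1
}

# Constructed stand-ins for chkpass, one per outcome, so this runs anywhere.
stub_ok()    { return 0; }
stub_wrong() { return 1; }
stub_nopw()  { return 2; }
for c in stub_ok stub_wrong stub_nopw /local/no-such-chkpass; do
    rc=0
    console_gate "$c" root 2>/dev/null || rc=$?
    echo "$c -> $rc"
done
# In /.profile the call would be: console_gate /local/chkpass root
# followed by whatever the site wants to happen on a non-zero status.
```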