Path: utzoo!attcan!uunet!husc6!m2c!necntc!encore!loverso
From: loverso@encore.UUCP (John Robert LoVerso)
Newsgroups: comp.unix.wizards
Subject: Re: Booting SunOS 4.0 single user (was Re: NFS security)
Summary: SunOS 4.0 and a "secure" console isn't
Keywords: ttys, secure
Message-ID: <3574@encore.UUCP>
Date: 8 Sep 88 14:19:25 GMT
References: <126@leibniz.UUCP> <670028@hpclscu.HP.COM> <1394@basser.oz> <1202@luth.luth.se> <66897@sun.uucp> <14186@comp.vuw.ac.nz> <3168@emory.uucp>
Reply-To: loverso@encore.UUCP (John Robert LoVerso)
Organization: Encore Computer Corp, Marlboro, MA
Lines: 30

In article <3168@emory.uucp> arnold@emory.UUCP (Arnold D. Robbins) writes:
> This feature is straight-forward, and fairly elegant. The file /etc/ttytab
> is in the format of the 4.3BSD /etc/ttys:
>
>	# name getty type status comments
>	#
>	console "/usr/etc/getty std.9600" sun on secure
>
> The 'secure' on the line for the console has the usual meaning of "root
> can log in on this terminal", and is also overloaded to mean "OK, you can
> come up with a single user root shell". If 'secure' is missing, or /etc/ttytab
> is not there, then the system prompts for the root password when booting
> single user.
>
> This could profitably be incorporated into future BSD releases.

I hope not.

Sun has managed to corrupt "secure". It originally meant "it's ok for root
to login on this line WITH A PASSWORD in multi-user mode". Now it
additionally means "DON'T prompt for a password when coming up single user".
Without "secure" on the console, single-user mode will prompt for a password.

I maintain that allowing a root login on a line in multi-user AT ALL and
allowing a single-user root shell without password are entirely different
things, and at best they ought to use a different flag than "secure" in the
ttys [ttytab] file.

John Robert LoVerso			Encore Computer Corp
encore!loverso, loverso@multimax.arpa, [soon: loverso@Encore.COM]
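
An added example, not part of the original post: a small audit of ttytab contents that reports both consequences of the "secure" flag as the thread describes them, so the coupling between multi-user root login and a password-less single-user shell is visible. The function names, the `ttya`/`ttyb` lines and the rule that a line must also be `on` to accept a login are assumptions of this sketch.

```python
import shlex
from typing import NamedTuple, Optional

class TtyEntry(NamedTuple):
    name: str
    getty: str
    term_type: str
    flags: frozenset

def parse_ttytab(text: str) -> list:
    """Parse ttys-style lines: name "getty command" type flag... # comment"""
    entries = []
    for raw in text.splitlines():
        try:
            # shlex keeps the quoted getty command as one field, drops # comments
            fields = shlex.split(raw, comments=True)
        except ValueError:
            continue  # unbalanced quote: skip the malformed line
        if len(fields) < 3:
            continue  # blank or comment-only line
        name, getty, term_type, *flags = fields
        entries.append(TtyEntry(name, getty, term_type, frozenset(flags)))
    return entries

def audit(text: Optional[str]) -> dict:
    """text is the ttytab contents, or None when the file does not exist."""
    entries = parse_ttytab(text) if text is not None else []
    console = next((e for e in entries if e.name == "console"), None)
    console_secure = console is not None and "secure" in console.flags
    return {
        # Lines where root may log in (with a password) in multi-user mode.
        # Assumption: a line that is not "on" runs no getty, so it is excluded.
        "root_login_lines": sorted(
            e.name for e in entries if {"secure", "on"} <= e.flags),
        # Per the thread: no "secure" on console, or no ttytab at all,
        # means the single-user boot asks for the root password.
        "single_user_prompts_for_password": not console_secure,
    }

# Console line taken from the quoted article; ttya/ttyb are constructed.
SAMPLE = '''\
# name getty type status comments
#
console "/usr/etc/getty std.9600" sun on secure
ttya "/usr/etc/getty std.9600" unknown off secure  # constructed
ttyb "/usr/etc/getty std.9600" unknown on          # constructed
'''
HARDENED = SAMPLE.replace("sun on secure", "sun on")

if __name__ == "__main__":
    for label, text in (("as shipped", SAMPLE), ("console not secure", HARDENED)):
        print(label, audit(text))
```

With the single flag there is no configuration of the console line that permits root login in multi-user mode and still prompts for a password at single-user boot; the two results always flip together.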