Path: utzoo!attcan!uunet!seismo!sundc!pitstop!sun!decwrl!ucbvax!husc6!rice!sun-spots-request
From: karl@cis.ohio-state.edu (Karl Kleinpaste)
Newsgroups: comp.sys.sun
Subject: Re: Asking for root passwd when booting single user
Message-ID: <2354@kalliope.rice.edu>
Date: 16 Dec 88 17:54:22 GMT
Sender: usenet@rice.edu
Organization: Sun-Spots
Lines: 21
Approved: Sun-Spots@rice.edu
Original-Date: 9 Dec 88 21:47:23 GMT
X-Sun-Spots-Digest: Volume 7, Issue 61, message 2 of 12

dieter@titan.nmt.edu writes:
> How can I set the system to ask for the root passwd, when booting single
> user ?

% cat /.profile
PATH=/usr/local:/etc:/usr/etc:/usr/ucb:/usr/bin:/bin:.
export PATH TERM
trap exit 2 3 15
login root

There is a very small/short window of vulnerability, while sh is
starting up and evaluating the PATH= and export lines. It is very,
*very* small and hence in practice is no problem. But the hole is
still there in this example. Give a determined abuser a few hours and
he may succeed.

We accomplish approximately the same thing with a program
/bin/singleuser which protects itself from all `reasonable' signals
and then demands the root password, with an N-minute timeout (don't
remember N just now). It's the 1st line in /.profile.

--Karl
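
[Added example, not part of Karl's post and not the /bin/singleuser he describes: the two mechanisms named in his last paragraph, ignoring console signals before anything else runs and reading the reply under a time limit, written in C. The function names, the signal list and the 10-second limit in main are assumptions; checking the typed line against root's password entry is not shown.]

```c
#include <signal.h>
#include <stdio.h>
#include <sys/select.h>
#include <time.h>
#include <unistd.h>

/* Ignore the signals a console user can raise from the keyboard or by
   hanging up (assumed list). Call first; returns how many were set. */
int ignore_console_signals(void)
{
    static const int sigs[] = { SIGHUP, SIGINT, SIGQUIT, SIGTERM, SIGTSTP };
    int n = 0;
    for (size_t i = 0; i < sizeof sigs / sizeof sigs[0]; i++)
        if (signal(sigs[i], SIG_IGN) != SIG_ERR)
            n++;
    return n;
}

/* Read one line from fd within `secs` seconds overall. Returns its length
   (newline stripped) or -1 on timeout, EOF or error; -1 is never success. */
int read_line_timeout(int fd, char *buf, size_t cap, int secs)
{
    time_t deadline = time(NULL) + secs;
    size_t len = 0;
    char c;
    if (cap == 0) return -1;
    while (len + 1 < cap) {
        long left = (long)(deadline - time(NULL));
        if (left <= 0) return -1;               /* time limit used up */
        struct timeval tv = { left, 0 };
        fd_set rd;
        FD_ZERO(&rd);
        FD_SET(fd, &rd);
        if (select(fd + 1, &rd, NULL, NULL, &tv) <= 0) return -1;
        if (read(fd, &c, 1) != 1) return -1;    /* EOF or read error */
        if (c == '\n') break;
        buf[len++] = c;
    }
    buf[len] = '\0';
    return (int)len;
}

int main(void)
{
    char line[128];
    int n = ignore_console_signals();   /* first statement, before any I/O */
    fprintf(stderr, "%d signals ignored; enter a line within 10 seconds: ", n);
    int got = read_line_timeout(STDIN_FILENO, line, sizeof line, 10);
    fprintf(stderr, "\nresult: %d (-1 means timeout or EOF)\n", got);
    return got < 0;
}
```

Because the signals are ignored by the program's first statement rather than by a later line of a shell script, the only remaining window is the one before /.profile starts the program.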