Path: utzoo!utgpu!attcan!uunet!lll-winken!ames!mailrus!cornell!uw-beaver!rice!sun-spots-request
From: folta@tove.umd.edu (Wayne Folta)
Newsgroups: comp.sys.sun
Subject: Re: Putting "login root" in /.profile: a bad idea
Message-ID: <15212@mimsy.UUCP>
Date: 7 Jan 89 01:18:42 GMT
References: <8812122035.AA23342@csun.edu> <220@forsight.Jpl.Nasa.Gov>
Sender: usenet@rice.edu
Organization: U of Maryland, Dept. of Computer Science,gs
Lines: 12
Approved: Sun-Spots@rice.edu
Original-Date: 30 Dec 88 22:55:36 GMT
X-Sun-Spots-Digest: Volume 7, Issue 91, message 2 of 13

I did not think that "login root" by itself is sufficient to stop an
intruder. After 60 seconds, doesn't the login time out, and you proceed on
to single-user mode? I seem to remember this, as I then added "haltsys" in
my .profile, to avoid this. Was I hallucinating?

Wayne Folta (folta@tove.umd.edu 128.8.128.42)

[[ If I recall correctly, sh will exec login rather than run it as a
subprocess. If it times out, the process will disappear and init will
proceed on to multi-user mode. However, if your .profile said "/bin/login"
instead of "login", sh will not recognize it as a command that needs
special handling. --wnl ]]