Path: utzoo!attcan!uunet!mcvax!ukc!stl!andrew
From: andrew@stl.stc.co.uk (Andrew Macpherson)
Newsgroups: comp.unix.xenix
Subject: Re: Proper procedure for AUTOLOGIN in SCO
Keywords: sco auto login init getty
Message-ID: <1169@acer.stl.stc.co.uk>
Date: 10 Mar 89 23:20:32 GMT
References: <190@biar.UUCP>
Sender: news@stl.stc.co.uk
Reply-To: "Andrew Macpherson" <andrew@stl.stc.co.uk>
Organization: STC Technology Limited, London Road, Harlow, Essex, UK
Lines: 19

In article <190@biar.UUCP> trebor@biar.UUCP (Robert J Woodhead) writes:
| 
| Thats all there is to it.  I am however VERY disturbed about the security
| hole created by the AUTO process.  It seems to me that if they have gone
| to the trouble to provide the AUTO escape, then there should be a way to
| restrict certain accounts to certain terminals.  In this case I can just
| put some code in the .profile to check if tty returns '/dev/tty08' and
| log the user out if not (right?), but is there a better way to do this?  And
| is the above approach secure?
| 
You missed out 1 step, since the "AUTO" account is going to be running
your dedicated process "/etc/mylogin" or whatever, replace tty08's
shell with something useless of your own devising which will give
an appropriate rude message to anyone trying to login as tty08 on
another port.
Andrew Macpherson         | God bless the King! --- I mean the Faith's Defender
PSI%234237100122::andrew  | God bless (no harm in blessing) the Pretender!
andrew@stl.stc.co.uk      | But who Pretender is, or who the King, ---
..mcvax!ukc!stl!andrew   | God bless us all!  That's quite another thing.