Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!tut.cis.ohio-state.edu!bloom-beacon!apple!amdahl!shs
From: shs@uts.amdahl.com (Steve Schoettler)
Newsgroups: comp.sources.d
Subject: Re: getty/login for callback
Keywords: tip getty login
Message-ID: <190Gi42ltV1010a0D5M@amdahl.uts.amdahl.com>
Date: 14 Apr 89 20:15:53 GMT
References: <180001@mechp10.UUCP> <13853@rpp386.Dallas.TX.US> <797@twwells.uucp> <18yLb6a0ib1010aFV6Y@amdahl.uts.amdahl.com> <624@peritek.UUCP>
Reply-To: shs@amdahl.uts.amdahl.com (Steve Schoettler)
Distribution: usa
Organization: Amdahl Corporation, Sunnyvale CA
Lines: 35

In article <624@peritek.UUCP> dig@peritek.UUCP (Dave Gotwisner) writes:
># 	user calls the computer. (can be from a terminal + modem or
>#              home computer + modem)
>#         user logs into the computer and runs ntip.
>#         then user logs off, hangs up, sets the modem on auto-answer,
>#         and the computer calls him up and forks a shell out the computer's
>#              serial port, which the user sees on his terminal, just as
>#              getty/login did when the user called the computer.
>
>There is still a security hole here.  The idea of the original post was
>to have a secure program running on the line (I think, at least that's what
>callme offers).  If you can log into the system, so can anyone else who
>wants to run a password cracker.

Ok one more try.  You call up and log in through the normal getty/login.
You can't get into the system without a password and login id.  Then,
you run a separate program "ntip" which calls you back, forking an
rlogin.  When the machine dials you up, the first thing that you would
see on your terminal is a Password: prompt, or the login messages (if
the .rhosts were set up appropriately).  In our case, the dial out line
was separate from the dial in line, but this is not a requirement.

I don't see how this is any less secure than the standard unix login.
One security hole might be /etc/remote, which, if writable, could be
changed so that a user who thinks he is calling himself, would actually
send a shell out to whoever's number was in that file.   So, only allow
modification of /etc/remote by root.

Steve
-- 

        Steve Schoettler
        shs@uts.amdahl.com
        {sun,decwrl,pyramid,ames,uunet}!amdahl!shs
        Amdahl Corp., M/S 213, 1250 E. Arques Ave, Sunnyvale, CA 94088