Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!csd4.milw.wisc.edu!lll-winken!uunet!tektronix!reed!keithb
From: keithb@reed.UUCP (Keith Brown)
Newsgroups: comp.unix.microport
Subject: 386 3.0e login patch allows root anywhere
Message-ID: <12502@reed.UUCP>
Date: 20 Apr 89 10:39:47 GMT
Reply-To: keithb@reed.UUCP (Keith Brown)
Organization: Reed College, Portland OR
Lines: 27


 
I hacked into the login program and found a one-byte change that moves
the 'restricted to (main) console' UID from 0 (root) to any other value
less than 128 (a signed char).  My personal hack changes the restriction
to UID 99 and I've set up a tape-backup account on that UID which forces
the backup activities to take place at the console in an rshell.  It frees 
root and the various sysadm type functions to be run anywhere.
 
The code is only a screen and a half so, based on the results of my next
question, I'll just post it in a message.
 
Now for the question:  Should I post it?  

If I don't hear complaints within a week or so, I'll go ahead.  Note, 
you would require root or su privileges to implement the patch.  Oh, and 
it does some checking to be sure you're playing with the same sandbox 
I'm in.  Comes in source-only format, so you'll have to compile it, or 
patch with a debugger.

-Keith

-- 
Keith Brown
UUCP:  {decvax allegra ucbcad ucbvax hplabs ihnp4}!tektronix!reed!keithb
BITNET: keith@reed.BITNET       ARPA: keithb%reed.bitnet@cunyvm.cuny.edu
CSNET: reed!keithb@Tektronix.CSNET     CIS: 72615,216