Path: utzoo!utgpu!jarvis.csri.toronto.edu!rutgers!cs.utexas.edu!uunet!mcvax!hp4nl!maestro!jand
From: jand@maestro.htsa.aha.nl (Jan Derriks)
Newsgroups: comp.sys.sequent
Subject: Re^2: Systech tty hangup "fixed".
Keywords: hangup tty systech
Message-ID: <954@maestro.htsa.aha.nl>
Date: 2 Jun 89 08:29:41 GMT
References: <948@maestro.htsa.aha.nl> <72334@pyramid.pyramid.com>
Reply-To: jand@htsa.UUCP (Jan Derriks)
Organization: AHA-TMF (Technical Institute), Amsterdam The Netherlands
Lines: 27

In article <72334@pyramid.pyramid.com> csg@pyramid.pyramid.com (Carl S. Gutekunst) writes:
>>
>>The disadvantage of 2. is that users will not be logged out when they
>>turn off their terminal or hang up the modem line.
>
>This is a serious security hole. User hangs up leaving an active session, and
> ....
>I'd rather deal with the tty hangs. You can't break into a hung line. ;-)
	Of course it's a choice you are free to make. You can also leave
	the wiring on dialup lines as it was, and change it on non-dialup ones.
	I think if a user 'forgets' to log off it's  *his* security
	problem (unless he has euid==0). (btw, we have a 'inactive time-out'
	daemon running that kills a shell (and everything with it) when
	a user has not touched his keyboard in x seconds).

>
>But, why hasn't Sequent put its hands around Systech's throat and *demanded*
>they fix this problem?
>
	I heard that sequent is giving the problem more attention since 
	the articles here on comp.sys.sequent...
	(are you not, Sequent ?.... hello ?? ... anybody there ? ).


Jan Derriks                                 AHA-TMF (H.T.S. 'Amsterdam')
jand@htsa.aha.nl  (..hp4nl!htsa!jand)       Europaboulevard 23
phone: +31 20423827                         1079 PC Amsterdam,  The Netherlands