*BSD News Article 5123


Path: sserve!manuel!munnari.oz.au!uunet!mcsun!Germany.EU.net!bs
From: bs@Germany.EU.net (Bernard Steiner)
Newsgroups: comp.unix.bsd
Subject: Re: root login on insecure terminals
Date: 16 Sep 1992 15:31:09 GMT
Organization: EUnet Backbone, Dortmund, Germany
Lines: 20
Distribution: world
Message-ID: <197jvtINNm0n@disaster.Germany.EU.net>
References: <3862@wzv.win.tue.nl>
NNTP-Posting-Host: walhalla.germany.eu.net

In article <3862@wzv.win.tue.nl>, guido@wzv.win.tue.nl (Guido van Rooij) writes:
> When root has no password, and you try to login as root from an
> insecure terminal, you succeed. Is this spec, or just a bug?
> I saw this behaviour on 386bsd, but the login it uses is from
> the net2 tapes (at least I think so.)

login.c says that a root login is performed if(uid==0 && password!="")
IOW, go install /etc/nologins, log out and try to login on console as root
(without a password) => no logins blah blah

Sounds familiar. :-(

-Bernard
-- 
Bernard Steiner, FB Informatik/IRB, Uni Dortmund,    vox +49 231 755 2444
Postfach 500500, D-W-4600 Dortmund 50, Germany       fax +49 231 755 2386
bs@Germany.EU.net          ...!uunet!unido!bs

*III  And they gave it Instructions, but knew it not. } From The Book of Nome,
*IV   It is, they said, a Box with a Funny Voice.     }      Mezzanine v.III-IV
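
The check ordering discussed in this thread, as an added example that is not part of the original post and is not the net2 login.c source. The structs, function names and the plain string compare standing in for crypt() are assumptions made for illustration; the sample accounts and terminals are constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of an account and a terminal; not taken from login.c. */
struct account { int uid; const char *pw; };      /* pw == "" means no password set */
struct tty     { const char *name; bool secure; }; /* "secure" flag as set per terminal */

/* Hypothetical stand-in for the crypt() comparison: plain string compare. */
static bool password_ok(const struct account *a, const char *typed) {
    return strcmp(a->pw, typed) == 0;
}

/* Ordering as described in the thread: the root/terminal check only runs
 * when the password is non-empty, so an empty password skips it entirely. */
bool login_as_described(const struct account *a, const struct tty *t, const char *typed) {
    if (a->pw[0] != '\0') {
        if (a->uid == 0 && !t->secure)
            return false;                /* root refused on insecure terminal */
        return password_ok(a, typed);
    }
    return true;                         /* no password: no further checks */
}

/* Hardened ordering: the terminal policy for uid 0 is evaluated first and
 * does not depend on whether a password exists. */
bool login_hardened(const struct account *a, const struct tty *t, const char *typed) {
    if (a->uid == 0 && !t->secure)
        return false;                    /* root refused, password or not */
    if (a->pw[0] == '\0')
        return true;                     /* passwordless account, terminal allowed */
    return password_ok(a, typed);
}

int main(void) {
    struct account root_nopw = {0, ""};          /* constructed sample */
    struct tty ttyp0 = {"ttyp0", false};         /* constructed insecure terminal */
    printf("as described: %d\n", login_as_described(&root_nopw, &ttyp0, ""));
    printf("hardened:     %d\n", login_hardened(&root_nopw, &ttyp0, ""));
    return 0;
}
```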