Another Bug with Vcon (System V/AT 2.4)

[Michael J. Young]

I just discovered a potentially serious bug in /etc/vcon under System V/AT
version 2.4.

In my other posting I mentioned that if you start up a new virtual console
while logged in from another console, vcon will not only create the
new console, but automatically log you into the new console.  Well, it
turns out that under the newly created console the user has its group
set to 'root'!  This is a serious security breach.  I wouldn't recommend
using /etc/vcon until it's fixed.

Frankly, I think /etc/vcon has too many quirks about the way it operates
to be useful.  It would be much nicer if it was more configurable.  I'd
like to see the following things made configurable:

1.  Be able to turn off the 'auto-login' feature.

2.  Be able to tell /etc/vcon which gettydefs entry to use when starting
    a getty on a newly created console.
-- 
Mike Young
Software Development Technologies, Inc., Sudbury MA       Tel: +1 508 443 5779
Internet: mjy at sdti.sdti.com                 UUCP: {harvard,mit-eddie}!sdti!mjy