deceptive mail and /bin/login
Dave Martindale
dmmartindale at watcgl.UUCP
Wed Nov 21 04:48:36 AEST 1984
> > Make /bin/login mode 500 owned by root and it will fail on exec,
> > usually causing /etc/init to fork another copy of itself and the
> > new user to thus get a fresh copy of /bin/login for normal login,
>
> Of course, if you are dialed up or are connected through a switch on a
> line that has the TIOCHPCL bit set, the line gets dropped before init
> has the chance to start a new getty (getty execs login after it gets
> the login name). I'm afraid I don't like that idea much.
> William LeFebvre
How about having login check that its parent is init (i.e. parent's PID==1)?
Then, you can still do "login newuser" from the shell, as designed, and
everything works properly, but people who try to do the bogus
"(login newuser)" get thrown back into their original shell without the
wtmp ever getting changed.
More information about the Comp.unix.wizards
mailing list