Autologout of unused terminals

Robert C. White Jr. rwhite at nusdhub.UUCP
Fri Dec 9 11:11:57 AEST 1988


in article <17885 at glacier.STANFORD.EDU>, jbn at glacier.STANFORD.EDU (John B. Nagle) says:
> 
> 
>       The solution used in some high-security environments is to build a
> physical fence around the terminal and its user.  Opening the gate in
> the fence forces an immediate logout.

But every time your boss comes to visit you have to explain why you
aren't even logged in ;-)

>       This is more than most sites would want.  However, it might not
> be unreasonable in some installations to protect privileged terminals
> in this way.

There is a shell-over-login approach which I have deduced, but not
tried.  You move "/bin/login" to "/bin/login2" and make the following
program into "/bin/login":  (general description, not code fragment; I
leave the actual code as an exercise to the reader)


#include <signal.h>
#include <stdlib.h>
#include <unistd.h>

static	int	loginpid;

void	killsession(void)
{
	/* kill loginpid and MAKE SURE it's DEAD; depend on Death-of-parent
	   for exit */
	while (0 == 0) {
		kill(loginpid, 9);
		sleep(3);
	}
}

void	watcher(void)
{
	/* get current time in seconds
	   fstat stdin */
	/* if current_time - stdin_time > allowable then killsession */
}

int	main(int argc, char *argv[])
{
	if (fork() == 0) {
		loginpid = getppid();
		/* SET SIGNAL TO CALL killsession on any significant signaling
		   event to prevent user from killing processes and voiding the
		   intent of this file.  Death-of-parent should not be trapped
		   to allow abortive exit. */
		watcher();
	}
	else {
		/* the real login was moved to /bin/login2 (see above) */
		execv("/bin/login2", argv);
		exit(-1);
	}
}

WHY THIS WORKS:  After the fork the PARENT process is exec(ed) to
login which fulfills login's requirement that its parent be init.
The child process is set to be ended when the parent dies for any
reason, so the program needs no exit state.  If the child process
receives any kind of signal it will kill the login process/first
shell/primary environment/whatever which was its parent.  If fstat
reveals that the communication port has not been read-from or
written-to within an acceptable time (via fstat of stdin, do not use
stat on /dev/tty as this is often updated by many people) the
login/etc. process is killed; and the child process is signaled to
death in the process.

Warning:  MAKE SURE YOU HAVE one (or more) terminal logged in as root, and
another one on which to perform the test of the installation.  If you
don't do this you could end up not logged in as anything, and have no
working /bin/login to let you in at all.  THIS CAN BE A REAL
NIGHTMARE!

Disclaimer:  I didn't write the program, I only came up with the idea.
IF it doesn't work, or it damages your system, don't look at me!  I
DIDN'T WRITE IT and I'm not in the habit of taking the blame for
things I didn't do.

Rob.
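
Added example, not part of the original post and not the poster's code: one way to fill in the watcher sketched above. It assumes the real login was moved to /bin/login2 as the post describes; IDLE_LIMIT, POLL_SECS, the chosen signals and the check that the session pid is still the watcher's parent before signalling it are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>
#define IDLE_LIMIT 900 /* assumed: seconds without tty I/O before logout */
#define POLL_SECS  30  /* assumed polling interval */
enum action { KEEP_WAITING, KILL_SESSION, WATCHER_EXIT };
static pid_t loginpid;

/* Seconds since stdin's tty was last read (atime) or written (mtime). */
long idle_seconds(const struct stat *st, time_t now)
{
    time_t last = st->st_atime > st->st_mtime ? st->st_atime : st->st_mtime;
    return now > last ? (long)(now - last) : 0; /* clock stepped back: not idle */
}

/* Never signal a pid that is no longer our parent: it may have been reused. */
enum action decide(const struct stat *st, time_t now, pid_t parent,
                   pid_t login, long limit)
{
    if (parent != login) return WATCHER_EXIT;
    return idle_seconds(st, now) > limit ? KILL_SESSION : KEEP_WAITING;
}

static void on_signal(int sig) /* any trapped signal ends the session */
{
    (void)sig;
    if (getppid() == loginpid) kill(loginpid, SIGKILL); /* async-signal-safe */
    _exit(0);
}

int main(int argc, char *argv[])
{
    static const int sigs[] = { SIGHUP, SIGINT, SIGQUIT, SIGTERM };
    struct stat st; size_t i;
    loginpid = getpid();        /* recorded before fork, so no getppid() race */
    if (fork() != 0) {          /* parent, or fork failure: still allow login */
        execv("/bin/login2", argv);
        _exit(127);
    }
    for (i = 0; i < sizeof sigs / sizeof sigs[0]; i++) signal(sigs[i], on_signal);
    for (;;) {
        sleep(POLL_SECS);
        if (fstat(STDIN_FILENO, &st) != 0) _exit(1);
        enum action a = decide(&st, time(NULL), getppid(), loginpid, IDLE_LIMIT);
        if (a == WATCHER_EXIT) _exit(0);
        if (a == KILL_SESSION) kill(loginpid, SIGKILL); /* retried next poll */
    }
}
```

On Linux the kernel updates tty timestamps only in steps of about 8 seconds, so an idle limit finer than that is not meaningful.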



More information about the Comp.unix.wizards mailing list