richl@penguin.UUCP (09/12/87)
david@elroy.Jpl.Nasa.Gov (David Robinson) writes:
> This brings up a problem that exists with Suns that I have. The Suns
> are inherently insecure because anyone using a 3/50 can just
> power off the machine and reboot it in single user mode and become
> root.

It has been suggested that "login root" be added to /.profile, and several people have pointed out the problem in that. I proposed a solution in the Sun-Spots mailing list which I'll again offer here. My /.profile on my Sun 3/50 looks like:

    stty erase ^H kill ^U
    PATH=/etc:/usr/etc:/usr/ucb:/bin:/usr/bin:/local
    export PATH TERM
    # Only gate the console, i.e. a single-user boot.
    if [ "`tty`" = /dev/console ]
    then
        # Ignore keyboard interrupt (2) and quit (3) while asking.
        trap '' 2 3
        ok=no
        while [ $ok = no -a -f /local/chkpass ]
        do
            /local/chkpass root
            case $? in
            0)  ok=yes;;
            1)  echo Sorry;;
            2)  echo Something\'s wrong with passwd\; I\'ll allow you this time.
                ok=yes ;;
            3)  echo chkpass improperly invoked\; allowing root for now....
                ok=yes;;
            *)  echo unknown error status from chkpass\; allowing root for now ...
                ok=yes;;
            esac
        done
        # Restore default handling of signals 2 and 3.
        trap 2 3
    fi

To do this requires that a copy of /usr/bin/tty be placed in /local, and that of course /local be part of /, not a mounted file system. If you don't mind having to supply root's password twice on an su, I guess you wouldn't even have to do that.

Chkpass is a simple program which blocks keyboard-generated interrupts and grabs a password. It has the advantage of possibly being simple enough to even make it useful for other shell script situations. It returns 0 if the password is correct, 1 if not, 2 if it can't find /etc/passwd, and 3 if there was a usage problem. It also has the advantage that you could, conceivably, ask for a password other than root's. It does NOT tell whose password it is asking for; the person rebooting had better know that.

This provides security for my 3/50 without having to have sources to init. Which, coincidentally enough, I don't. If you forget root's password, you will only be able to come up multi-user. If you can't for some reason (fsck fails, maybe), then you will need a miniroot. But that seems a small price, to me. You're normally up a creek without a paddle anyway when you forget root's password.

I'll be happy to send chkpass to anyone that wants it; if I'm deluged I'll post it to one of the moderated source newsgroups. It's tiny; the man page is longer than the program source.

Rick
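
The status handling of the /.profile above, as an added example that is not part of the original post and is not the poster's chkpass. It runs the same decision against constructed stand-ins for chkpass, once as posted and once letting root in only on status 0; `gate`, `make_stub`, the policy names and the retry bound are assumptions made here, and only the exit statuses 0 to 3 come from the post.

```shell
#!/bin/sh
# Added example; gate(), make_stub() and the policy names are hypothetical.
# Exit statuses follow the post: 0 correct, 1 wrong, 2 no /etc/passwd, 3 usage.

# gate CHECKER POLICY [MAX_TRIES] -> prints "allow" or "deny"
#   post   : as in the posted /.profile (a missing checker, or any status
#            other than 1, lets root in)
#   strict : only status 0 lets root in
# MAX_TRIES is an assumption so the function terminates; the posted loop
# keeps asking after a wrong password. "deny" = still locked out.
gate() {
    checker=$1 policy=$2 tries=${3:-3}
    if [ ! -f "$checker" ]; then
        [ "$policy" = post ] && echo allow || echo deny
        return 0
    fi
    while [ "$tries" -gt 0 ]; do
        status=0
        "$checker" root || status=$?
        case $status in
            0) echo allow; return 0 ;;
            1) tries=$((tries - 1)) ;;   # wrong password: ask again
            *) [ "$policy" = post ] && echo allow || echo deny
               return 0 ;;
        esac
    done
    echo deny
}

# make_stub DIR STATUS: constructed stand-in for chkpass that exits STATUS
make_stub() {
    stub=$1/chkpass.$2
    printf '#!/bin/sh\nexit %s\n' "$2" > "$stub"
    chmod +x "$stub"
    echo "$stub"
}

demo() {
    dir=$(mktemp -d)
    for s in 0 1 2 3; do
        c=$(make_stub "$dir" "$s")
        echo "chkpass status $s: post=$(gate "$c" post) strict=$(gate "$c" strict)"
    done
    echo "chkpass missing: post=$(gate "$dir/none" post) strict=$(gate "$dir/none" strict)"
    rm -rf "$dir"
}
demo
```

With the strict policy, a missing or failing checker leaves the console without a root shell, so recovery goes through the multi-user boot or miniroot the post already mentions.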