jand@maestro.htsa.aha.nl (Jan Derriks) (06/02/89)
In article <72334@pyramid.pyramid.com> csg@pyramid.pyramid.com (Carl S. Gutekunst) writes:
>>
>>The disadvantage of 2. is that users will not be logged out when they
>>turn off their terminal or hang up the modem line.
>
>This is a serious security hole. User hangs up leaving an active session, and
> ....
>I'd rather deal with the tty hangs. You can't break into a hung line. ;-)

Of course it's a choice you are free to make. You can also leave the wiring on
dialup lines as it was, and change it on non-dialup ones.
I think if a user 'forgets' to log off it's *his* security
problem (unless he has euid==0).
(btw, we have an 'inactive time-out' daemon running that kills a shell (and
everything with it) when a user has not touched his keyboard in x seconds).

>
>But, why hasn't Sequent put its hands around Systech's throat and *demanded*
>they fix this problem?
>

I heard that Sequent is giving the problem more attention since the articles
here on comp.sys.sequent...
(are you not, Sequent ?.... hello ?? ... anybody there ? ).

Jan Derriks                            AHA-TMF (H.T.S. 'Amsterdam')
jand@htsa.aha.nl (..hp4nl!htsa!jand)   Europaboulevard 23
phone: +31 20423827                    1079 PC Amsterdam, The Netherlands
csg@pyramid.pyramid.com (Carl S. Gutekunst) (06/02/89)
In article <954@maestro.htsa.aha.nl> jand@htsa.UUCP (Jan Derriks) writes:
> I think if a user 'forgets' to log off it's *his* security
> problem (unless he has euid==0).

You can't be serious. I know of a dozen different ways on 4.2BSD where if you
are *any* user, you can trivially become root, uucp, and a number of other
interesting UIDs -- and I'm no security expert. Sequent has probably fixed some
of these, but many security holes rely on a watchful system administrator to
plug them. What are your permissions on /usr/spool/at, for instance?

<csg>