rich@oxtrap.UUCP (K. Richard Magill) (08/05/88)
What follows is a bug report I've just filed to Sequent about what looks like a security problem to me.

Version:
    Fri Dec 4 14:25:36 PST 1987 - DYNIX V3.0.4 PN: 1003-xxxxx
    Fri Dec 4 21:14:24 PST 1987 - Delta Dynix V3.0.4 to NFS-option started
    Fri Dec 4 21:16:23 PST 1987 - Delta Dynix V3.0.4 to NFS-option complete

Configuration:
    System Configuration:
    type      no  slic  flags     revision
    MEM       0   12    00000000  20.01.00  type=256k size=8.0Mb base=0x00000000 ileave-lo
    MEM       1   16    00000000  20.01.00  type=256k size=8.0Mb base=0x00000000 ileave-hi
    MBAD      0   24    00000000  00.04.01  f/w version=6
    SCED      0   22    00000000  01.06.00  ver=23 host=7 enet=0800470004fe local
    ZDC       0   20    00000000  00.01.00  f/w version=9
    PROC/032            00000000  00.06.01  no. 0(slic 4), 1(5), 2(8), 3(9), 4(10), 5(11)

Summary: exceeding userlimit leaves console wide open
Severity: Critical
Category: Software
Id: 02318 546605 /dynix

Description:

When more pty's are being used than "userlimit", init catches the fact as a violation of the dynix license. (more on this next bug report).

The problem is that init forces the equivalent to a shutdown to single user mode leaving root on the console.

"Hey, great! You mean I only need to open X+1 windows and I'm root?"

You got it. Unless your windows use 2 pty's each, in which case you only need open (X/2)+1 which in our case is currently 9.

A copy of this bug report is being forwarded to usenet and the appropriate arpa lists.

[End Description]

-- rich.

pwolfe@kailand.KAI.COM (08/05/88)
Sounds like you're using the "screen" program. At least, that's how I found this problem. It's not the maximum number of ptys that is causing the crash, it's the fact that screen adds entries for new windows to the /etc/utmp file. Sequent's /etc/login program counts entries in utmp to determine how many people are logged in, and if more entries exist than are allowed by the limited user license, the system shuts down with the message "illegal user limit", making root available on the console.

I sent a mailbug on this a long time ago, but Sequent responded that they had no plans to fix this problem. It's very annoying, because the "w" and "uptime" commands actually report the correct number of logins, but rwho and the guy that is most important, /etc/login, don't.

I've modified screen some more (more than exists in the netlib archives), so that it is possible to define what your user limit is at compile time, and let screen count logins the way login does, preventing too many entries from getting into /etc/utmp. You can also define whether new windows are supposed to be "logged in" or not. I've also added commands to let you log any window in or out at will. Send email if you're interested in the latest version.

As far as I can see, a subset of my modifications to the screen program could let people remove their own entries from the /etc/utmp file at will. While this is, I'm sure, a violation of your DYNIX license, the capability of any site to bypass the limited license will hopefully provide Sequent with enough incentive to teach /etc/login a better method of counting.

About security for single user mode, I've seen it mentioned (but never tested it) by workstation network managers that placing "/etc/login" in /.profile makes a person login to use single user mode. If the login times out, multi-user mode is brought up again. Again, I've not tried this, and have no reason to.

The best security against superuser usage by unauthorized persons is to place your computer and console in a locked room, have only the console listed in /etc/securetty (so root can only login at the console), don't put anyone but root in the group named "root" in /etc/group (so no one can use "su" to become root), and don't write down or inform others about the root password. Oh yes, don't use setuid/setgid Bourne or C shell scripts.

At least Sequent provides a key lock on the front panel, so you can prevent unauthorized persons from unsetting "auto(boot)" and pressing "reset". We have a computer system from another manufacturer that only has a toggle on/off switch, with no "secure" position. Any passerby can accidentally lean on the machine and crash it. I'd mention their name, but they can't take criticism, and will call my boss to complain (again).

Patrick Wolfe (pwolfe@kai.com, kailand!pwolfe)
System Manager, Kuck and Associates, Inc.
Disclaimer: Any and all opinions mentioned here are MINE, not my employers. Please don't call my boss to complain (again).
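
The file-based checks listed in the post above (only the console in /etc/securetty, nobody but root in group "root", no setuid/setgid Bourne or C shell scripts) can be audited with a short script. This is an added example, not part of the original thread; the function names and the sample files are constructed here, and paths are passed as arguments so the checks can run against copies.

```shell
#!/bin/sh
# Added example: audit the three file checks named in the post above.
# Real locations are /etc/securetty and /etc/group; arguments allow testing on copies.

# Print securetty entries other than "console" (blank lines skipped).
extra_secure_ttys() {
    awk '{ gsub(/[ \t]/, "") } $0 != "" && $0 != "console"' "$1"
}

# Print members of the group named "root" other than root itself.
extra_root_group_members() {
    awk -F: '$1 == "root" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "" && m[i] != "root") print m[i]
    }' "$1"
}

# Print setuid/setgid files under a directory whose first line names sh or csh.
# Scripts that lack a #! line are not detected by this check.
setid_shell_scripts() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
    while IFS= read -r f; do
        first=""
        IFS= read -r first 2>/dev/null < "$f" || :
        case "$first" in
            '#!'*/sh|'#!'*/sh\ *|'#!'*/csh|'#!'*/csh\ *) printf '%s\n' "$f" ;;
        esac
    done
}

# Constructed sample data: an extra tty, an extra group member, one setuid sh script.
demo=$(mktemp -d)
printf 'console\nttyp0\n' > "$demo/securetty"
printf 'root:*:0:root,alice\ndaemon:*:1:daemon\n' > "$demo/group"
mkdir "$demo/bin"
printf '#!/bin/sh\necho backup\n' > "$demo/bin/backup"
chmod 4755 "$demo/bin/backup"

echo "non-console entries in securetty:"; extra_secure_ttys "$demo/securetty"
echo "extra members of group root:";      extra_root_group_members "$demo/group"
echo "setuid/setgid shell scripts:";      setid_shell_scripts "$demo/bin"
rm -rf "$demo"
```

Any output under a heading is a deviation from the post's recommendations; empty output for all three means the files match them.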