keithb@reed.UUCP (Keith Brown) (04/29/89)
Enclosed is the patch which allows Micrport 3.0U3.0e root (and its aliases)
to login from any terminal. Needless to say, it has advantages and drawbacks.
What it actually does is move the restriction from UID 0 to UID 99 (or some
other number in the #define) in the login program.
X /*
X This program will modify Microport 3.0U3.0e 80386 UNIX /bin/login program
X to allow root or root-equivalents such as sysadm to log onto the system
X from any port, not just /dev/console. The program does this by changing
X the 'restricted' account to UID number 99. If, perchance, you wish to
X limit some things on your system to be only used/run/accessable from the
X console, set up an account with UID of 99. Login will force that user
X to only access the system from the console. This program is distributed
X only in C source code form. To compile: cc login.fix.c then execute
X a.out to modify /bin/login. You must be root to execute the program.
X */
X
X#include <stdio.h>
X
X /*
X set to 0 to restore root-only-on-console protection,
X set to a value less than 128 (signed char) to protect that account,
X set to 255 to disable protection (no UID can be == -1).
X */
X#define PROTECTED_UID 99
X
Xunsigned char olddata[10] = {
X 0x83, 0x78, 0x08, 0, /* cmpl $0x0, 0x8(%eax) */
X 0x0f, 0x85, 0x2b, 0, 0, 0 /* jne +0x2b <0c54> */
X};
X
Xmain()
X{
X int i, c, prev_uid;
X FILE *fp;
X
X if((fp=fopen("/bin/login","r+"))==0) {
X perror("login.fix");
X exit(1);
X }
X system("cp /bin/login /bin/login.old"); /* just in case */
X
X /* first confirm same issue */
X fseek(fp,(long)0xc1f,0);
X for(i=0; i<10; i++) {
X c=fgetc(fp);
X if(i==3)
X prev_uid=c;
X else if( c!=olddata[i]) {
X fprintf(stderr,
X "Your version of login doesn't match patch at byte %d.\n",i);
X exit(1);
X }
X }
X
X /* now do the fix */
X fseek(fp,(long)0xc22,0);
X fputc(PROTECTED_UID,fp);
X fclose(fp);
X
X fprintf(stderr,"/bin/login now patched to restrict UID number %d from %d.\n",
X PROTECTED_UID, prev_uid);
X return 0;
X}
X
--
Keith Brown
UUCP: {decvax allegra ucbcad ucbvax hplabs}!tektronix!reed!keithb
BITNET: keith@reed.BITNET ARPA: keithb%reed.bitnet@cunyvm.cuny.edu
CSNET: reed!keithb@Tektronix.CSNET CIS: 72615,216