keithb@reed.UUCP (Keith Brown) (04/20/89)
I hacked into the login program and found a one-byte change that moves the 'restricted to (main) console' UID from 0 (root) to any other value less than 128 (a signed char). My personal hack changes the restriction to UID 99 and I've set up a tape-backup account on that UID which forces the backup activities to take place at the console in an rshell. It frees root and the various sysadm type functions to be run anywhere. The code is only a screen and a half so, based on the results of my next question, I'll just post it in a message. Now for the question: Should I post it? If I don't hear complaints within a week or so, I'll go ahead. Note, you would require root or su privileges to implement the patch. Oh, and it does some checking to be sure you're playing with the same sandbox I'm in. Comes in source-only format, so you'll have to compile it, or patch with a debugger. -Keith -- Keith Brown UUCP: {decvax allegra ucbcad ucbvax hplabs ihnp4}!tektronix!reed!keithb BITNET: keith@reed.BITNET ARPA: keithb%reed.bitnet@cunyvm.cuny.edu CSNET: reed!keithb@Tektronix.CSNET CIS: 72615,216
larry@focsys.UUCP (Larry Williamson) (04/21/89)
In article <12502@reed.UUCP> keithb@reed.UUCP (Keith Brown) writes: > >I hacked into the login program and found a one-byte change that moves >the 'restricted to (main) console' UID from 0 (root) to any other value > > [..] Should I post it? Sure, why not? But then would it not be easier to simply install the login replacement that "John F. Haug II" posted a few weeks back? You get shadow passwords. You can define what ports 'root' can log in on. You have the source, so you don't have to patch binaries. etc, etc, etc. -- Larry Williamson -- Focus Systems -- Waterloo, Ontario watmath!focsys!larry (519) 746-4918