[comp.unix.microport] 386 3.0e login patch allows root anywhere

keithb@reed.UUCP (Keith Brown) (04/20/89)

 
I hacked into the login program and found a one-byte change that moves
the 'restricted to (main) console' UID from 0 (root) to any other value
less than 128 (a signed char).  My personal hack changes the restriction
to UID 99 and I've set up a tape-backup account on that UID which forces
the backup activities to take place at the console in an rshell.  It frees 
root and the various sysadm type functions to be run anywhere.
 
The code is only a screen and a half so, based on the results of my next
question, I'll just post it in a message.
 
Now for the question:  Should I post it?  

If I don't hear complaints within a week or so, I'll go ahead.  Note, 
you would require root or su privileges to implement the patch.  Oh, and 
it does some checking to be sure you're playing with the same sandbox 
I'm in.  Comes in source-only format, so you'll have to compile it, or 
patch with a debugger.

-Keith

-- 
Keith Brown
UUCP:  {decvax allegra ucbcad ucbvax hplabs ihnp4}!tektronix!reed!keithb
BITNET: keith@reed.BITNET       ARPA: keithb%reed.bitnet@cunyvm.cuny.edu
CSNET: reed!keithb@Tektronix.CSNET     CIS: 72615,216

larry@focsys.UUCP (Larry Williamson) (04/21/89)

In article <12502@reed.UUCP> keithb@reed.UUCP (Keith Brown) writes:
> 
>I hacked into the login program and found a one-byte change that moves
>the 'restricted to (main) console' UID from 0 (root) to any other value
> 
> [..]  Should I post it?  

Sure, why not?

But then would it not be easier to simply install the login replacement
that "John F.  Haug II" posted a few weeks back?

You get shadow passwords.

You can define what ports 'root' can log in on.

You have the source, so you don't have to patch binaries.

etc, etc, etc.
-- 
Larry Williamson  -- Focus Systems -- Waterloo, Ontario
                  watmath!focsys!larry  (519) 746-4918