davidg@aegis.UUCP (Dave McLane) (02/18/91)
Sorry about my mistakenly starting a new subject in the middle of the SECURITY BUG thread. Following is a summary of what I've learned about how the ISC signon messages get generated. ------------------------------ jgd@Dixie.Com (John G. DeArmond) writes: > bill@unixland.uucp (Bill Heiser) writes: > > >This is a good question (for those of us who don't know) -- how does > >one edit binaries in Unix? Is there a utility like Norton out there > >(yes, I know Norton is available for ISC, but I'm running Esix). I am running plain MS-DOS Norton utilties under VP/ix uner ISC V3.2 and the ones I've tried work except for DS (directory sort). Likewise MS-DOS SYMDEB.EXE works as well.... > Well, I use fm, what the author calls file modify. We refer to it as > F...... Magic :-) The source is included in this posting. Thanks for including it, I'll give it a whirl. ------------------------------ it1@ra.MsState.Edu (Tim Tsai) writes: > Check out fm, a curses based binary editor for Unix. It's available > in comp.sources.misc, volume12. We don't get those on Aegis but I know where I can.... thanks for the reference. ------------------------------ shwake@raysnec.UUCP (Ray Shwake) writes: > This assault of the copyright credit lines is not limited to ISC. > ... > UCB, for example, all I encountered was a clean login prompt. I suspect > these references are all coming out of /bin/login. > On a related issue, both ISC and SCO UNIX *prefix* the login prompt > with a node name reference and a couple of new lines. *This* one, I believe, > comes out of getty. So I found out.... see belows ------------------------------ cpcahil@virtech.uucp (Conor P. Cahill) writes: > yes, they come out of getty. Most of it comes out of the /etc/issue file > that getty reads, so changing that file will get rid of most of the pre-login > prompt stuff. Yes, part of it, see below. ------------------------------ Based upon what I've learned from your replies, I puttered about and here is what I know about where the header is coming from: 1. /etc/issue | Welcome to the INTERACTIVE Systems Corporation INTERNACTIVE UNIX Operating System 2. /etc/getty | System name: Aegis 3. /etc/gettydefs | Login: 4. /bin/login | Password: 5. /bin/login | UNIX System V/386 Release 3.2 | aegis | Copyright (C) 1984, 1986, 1987, 1988 AT&T | Copyright (C) 1987, 1988 Microsoft Corp. | All Rights Reserved. | Login last used Mon Mar 25 18:47:57 1991 6. /etc/profile | / : Disk space.... /etc/profile | /usr : Disk space.... /etc/profile | /user2 : Disk space.... /etc/profile | /etc/profile | Total Disk Space.... ------------------------------ To change, you can do the following: 1. Edit /etc/issue to change the opening lines 2. Binary edit /etc/getty. But there are limits to what you can do. I used "strings -o getty" to locate the address of "System name" and found two strings one after the other: "System name:<0>%s<0>". I used SYMDEB.EXE under VP/ix to make the modificationds (binary 0 in the first byte of each string to kill it) and wrote the changes to getty.aegis and then used that for the dialup lines in /etc/conf/init.d/asy. But I didn't get the results I thought I would get! Instead of no "System name: aegis" I got "aegis" and then it was waiting for me to login but with no prompt. So while you can kill "System name:" by putting a <0> in the first byte, the actual name of the system is coming from someplace else in the code and the "%s" is used for the login promt coming out of the /etc/gettydefs file. Oh well, I guess I don't mind the "System name: Aegis" so much.... 3. Edit whatever entry /etc/gettydefs is relevant, depending on the /etc/inittab. I have edited mine to show which entry in the cycle is being used for testing how my modem setup works (19200-Login, 9600-Login ... 300-Login) 4-5. Binary edit /etc/login. I used "strings -o login" to locate the address and then used SYMDEB.EXE under VP/ix to make the modification I wanted. I left Password alone and stuck binary 0 in the as the first byte in the copyright message to kill it. 6. Edit /etc/profile as you wish ------------------------------ My resulting Signon was: Aegis Society UNIX Operating System System name: Aegis 9600-Login: Password: Login last used Mon Feb 17 18:47:57 1991 Total Disk Space.... I think this simplified and beautified sigon will avoid my having to explain a lot of of irrelevant details to the people who are going to be using Aegis. Thanks for your help.... --Dave