Newsgroups: comp.unix.bsd
Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!agate!howland.reston.ans.net!europa.eng.gtefsd.com!uunet!mdisea!mothost!lmpsbbs!il24mac2.comm.mot.com!user
From: cusr15@email.mot.com (Steve Peterson)
Subject: Re: Major security hole with getty, please help!
Organization: Motorola WSAPD
Date: Wed, 22 Sep 1993 12:52:03 -0600
Message-ID: <cusr15-220993125203@il24mac2.comm.mot.com>
Followup-To: comp.unix.bsd
References: <27noq0$lb5@news.u.washington.edu>
Sender: news@lmpsbbs.comm.mot.com (Net News)
Nntp-Posting-Host: 145.12.8.4
Lines: 42

In article <27noq0$lb5@news.u.washington.edu>,
micah@stein1.u.washington.edu (Micah Anderson) wrote:

> Ok, here I am... got getty running just fine on my machine, I can call
> it up from work and login and everything is cool, almost ready for
> public use... Then something quite peculiar happens. I get logged out
> due to the dialout modem I was using at work has a timer for
> idle-out... So I was disconnected... I then simply call back to log in
> again, but WHOA! I didn't get a login, I was instantly connected back
> to my tty and got the ---MORE 70%--- prompt at the bottom (I was
> reading something, a man page or something) NO login, no password and
> NO security.
>
> Does anyone know what is going on here? Does anyone know a potential
> fix for this?
>
> On the subject of getty I also noticed (this might offer a clue to the
> above) that when I call in utmp is NOT updated. I login and do a 'w'
> and find that no one is logged in... hmmm, all the permissions look
> right.
>
> -rw-rw-rw- 1 bin 72 Sep 21 08:39 /etc/utmp
>
> and wtmp DOES get updated...
>
> Any clues would be more than appreciated!
>
>
> micah

Most communication interfaces have modem control. The shell on your
machine should be monitoring pin eight (carrier detect) on your serial
connection. This monitoring can be defeated if the modem is not set up
right. A lot of modems ship with carrier detect forced high.
You should set this mode, usually with &c1, to have pin 8 (carrier
detect) follow carrier. When the phone disconnects, pin eight should go
low and the shell should exit and abort all tasks. Init should then
provide the communications port with a new getty. If you have any
process ignoring SIGHUP attached to the communications port, this task
will also ignore all disconnects from your modem.

Steve
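
Added example (not part of the original post): a small C check of the host side of the carrier-detect handling described in the reply above. It reports whether the tty driver is set to ignore carrier (CLOCAL), whether DTR is dropped on last close (HUPCL), and whether carrier detect is high right now. CLOCAL, HUPCL and TIOCMGET are standard termios/ioctl names not mentioned in the post; the device path is supplied by the user, and the line is assumed to be idle when the check is run.

```c
/* Added example: audit a dial-in serial line for lost-carrier handling. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <termios.h>
#include <unistd.h>

enum {
    LINE_IGNORES_CARRIER    = 1, /* CLOCAL set: no SIGHUP when carrier drops */
    LINE_NO_HANGUP_ON_CLOSE = 2, /* HUPCL clear: DTR stays up after last close */
    LINE_CARRIER_ASSERTED   = 4  /* carrier detect (pin 8) is high right now */
};

/* Pure check, so it can be exercised without hardware.
 * modem_bits is the TIOCMGET result, or -1 if it could not be read. */
int audit_line(tcflag_t cflag, int modem_bits)
{
    int findings = 0;
    if (cflag & CLOCAL)
        findings |= LINE_IGNORES_CARRIER;
    if (!(cflag & HUPCL))
        findings |= LINE_NO_HANGUP_ON_CLOSE;
    if (modem_bits >= 0 && (modem_bits & TIOCM_CAR))
        findings |= LINE_CARRIER_ASSERTED;
    return findings;
}

int main(int argc, char **argv)
{
    struct termios t;
    int fd, bits = -1, f;

    if (argc != 2) { fprintf(stderr, "usage: %s tty-device\n", argv[0]); return 2; }
    /* O_NONBLOCK: do not wait for carrier; O_NOCTTY: do not adopt the tty. */
    fd = open(argv[1], O_RDONLY | O_NONBLOCK | O_NOCTTY);
    if (fd < 0 || tcgetattr(fd, &t) < 0) { perror(argv[1]); return 2; }
    if (ioctl(fd, TIOCMGET, &bits) < 0)
        bits = -1;
    f = audit_line(t.c_cflag, bits);
    if (f & LINE_IGNORES_CARRIER)
        puts("CLOCAL set: a dropped call will not hang up the session");
    if (f & LINE_NO_HANGUP_ON_CLOSE)
        puts("HUPCL clear: DTR is not dropped when the port is closed");
    if (f & LINE_CARRIER_ASSERTED)
        puts("carrier detect high: if no call is up, the modem is forcing it");
    close(fd);
    return (f & (LINE_IGNORES_CARRIER | LINE_NO_HANGUP_ON_CLOSE)) ? 1 : 0;
}
```

Run it against the dial-in port while no call is connected; carrier detect reading high at that moment matches the "forced high" modem setting the reply describes.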