Return to BSD News archive
Path: sserve!manuel!munnari.oz.au!uunet!mcsun!Germany.EU.net!bs From: bs@Germany.EU.net (Bernard Steiner) Newsgroups: comp.unix.bsd Subject: Re: root login on insecure terminals Date: 16 Sep 1992 15:31:09 GMT Organization: EUnet Backbone, Dortmund, Germany Lines: 20 Distribution: world Message-ID: <197jvtINNm0n@disaster.Germany.EU.net> References: <3862@wzv.win.tue.nl> NNTP-Posting-Host: walhalla.germany.eu.net In article <3862@wzv.win.tue.nl>, guido@wzv.win.tue.nl (Guido van Rooij) writes: > When root has no password, and you try to login as root from an > insecure terminal, you succeed. Is this spec, or just a bug? > I saw this behaviour on 386bsd, but the login it uses is from > the net2 tapes (at least I think so.) login.c says that a root login is performed if(uid==0 && password!="") Iow go install /etc/nologins, log out and try to login on console as root (without a password) => no logins blah blah Sounds familiar. :-( -Bernard -- Bernard Steiner, FB Informatik/IRB, Uni Dortmund, vox +49 231 755 2444 Postfach 500500, D-W-4600 Dortmund 50, Germany fax +49 231 755 2386 bs@Germany.EU.net ...!uunet!unido!bs *III And they gave it Instructions, but knew it not. } From The Book of Nome, *IV It is, they said, a Box with a Funny Voice. } Mezzanine v.III-IV