Bad login user id(sco-unix)
Ronald S H Khoo
ronald at robobar.co.uk
Fri Oct 26 19:26:06 AEST 1990
[ did this thread ever have anything to do with internals ? back to sysv386
now, anyway ... ]
halpin at mitisft.Convergent.COM (pri=20 Chris Halpin) writes:
> The luid is an additional uid associated w/every process that is set at
> login time and CAN NEVER be changed
Wrong. Eamon McManus posted a version of su(1) that *did* change the
luid -- by scribbling in /dev/kmem. It should be possible to merge
Eamon's code into John's login too.
> It is used by the audit trail to allow tracking of
> changes in identity.
Do you know anyone who has enough disc space to enable auditing ? (1/2 :-)
> exec(2)ing login will result in an attempt
> to setluid(2) that fails since the luid is already set.
Which is extremely inconvenient since it causes ct(1) to fail. A good
reason to switch login(1)s.
> creates problems with cron (you need to shutdown to restart cron since it
> needs to be run w/no luid set so that it may run its jobs as any user it
> chooses).
How can you restart cron ? Only from init(8), since any shell you
get from login(1) will have luid set.... unless you use Eamon's hack
or if you modify login(1) to notice a special login and give it
a shell without setting the luid.
> login(1) was extensively
> modified to accommodate the requirements of C2.
Those of us interested in John F Haugh III's login suite are attempting
to subvert the C2 intentions of SCO Unix. The idea is that there
should be a "kit" to disable as many of the security features as possible
to be installed *after* the OS has already been installed -- someone said
that it must come up in C2 in the beginning, so such a kit would have
to be installed afterwards. Such a kit should also be shipped by SCO,
but until they do so, we do what we can with source provided by kind
netters :-)
--
ronald at robobar.co.uk +44 81 991 1142 (O) +44 71 229 7741 (H)