Finding Passwords

Guy Harris guy at auspex.auspex.com
Tue Sep 25 02:37:00 AEST 1990


>You should be able to prevent this.  SunOS (and thus likely BSD as well,
>though I don't know) make the first login prompt "<hostname> login:",

4.1cBSD did that, as I remember; 4.2BSD and later stick other stuff
before the "login:" prompt (which, in 4.2BSD or later, starts at column
1).  Sun left it the way it was in 4.1c. 

>and switch to plain "login:" if an incorrect password is entered.  This
>disables login trojans by making them unconcealable.

Err, what's to stop the trojan horse program from exhibiting the same
behavior as "getty" (which issues the first prompt indicated above) and
"login" (which issues the subsequent ones)?

>Alternatively, on at least some SysV machines, you can change the first
>prompt from the soft underbelly of "login:" by mucking with
>/etc/gettydefs (I think /etc/gettytab on BSD is the same).

It is; that's where the "<hostname> " comes from in SunOS:

    default:\
	:ap:lm=\r\n%h login\72 :sp#9600:

and the other stuff comes from in 4.[2andup]BSD:

    default:\
	:ap:fd#1000:im=\r\n\r\n4.3 BSD UNIX (%h) (%t)\r\n\r\r\n\r:sp#1200:



More information about the Comp.unix.internals mailing list