security of Interactive powerdown login
Conor P. Cahill
cpcahil at virtech.uucp
Sun Nov 11 00:24:59 AEST 1990
In article <1990Nov9.212510.9086 at mks.com> eric at mks.com (Eric Gisin) writes:
>If you want a more secure password-less powerdown userid
>and you have Interactive 2.2, you can change the shell for powerdown
>to /usr/admin/powerdown and add the following lines to the top of
>the /usr/admin/powerdown shell script:
NEVER NEVER NEVER have a root account without a password. There are too
many chances for it to be exploited.
Look at what could happen:
cpcahil(virtech,61): id
uid=100(cpcahil) gid=7(opadmin)
cpcahil(virtech,63): su powerdown
# id
uid=0(root) gid=0(root)
--
Conor P. Cahill (703)430-9247 Virtual Technologies, Inc.,
uunet!virtech!cpcahil 46030 Manekin Plaza, Suite 160
Sterling, VA 22170
More information about the Comp.unix.sysv386
mailing list