Bad login user id(sco-unix)

John F. Haugh II jfh at rpp386.cactus.org
Sat Oct 27 22:20:43 AEST 1990


In article <1990Oct26.092606.7374 at robobar.co.uk> ronald at robobar.co.uk (Ronald S H Khoo) writes:
>Wrong.  Eamon McManus posted a version of su(1) that *did* change the
>luid -- by scribbling in /dev/kmem.  It should be possible to merge
>Eamon's code into John's login too.

please - don't do gross things to my source code!  i would suggest
that you create a common function to handle dorking with the luid
in kernel memory and just put in a call to it.  the code is being
pounded on by an increasing number of people, and doing lots of
incompatible things will only make for lots of incompatible versions.

>> It is used by the audit trail to allow tracking of 
>> changes in identity.
>
>Do you know anyone who has enough disc space to enable auditing ? (1/2 :-)

sure, i do ;-).  you have heard of tape drives, correct?  create a
daemon process to slurp your audit trail off to tape.  change tapes
on a daily basis.  it should be possible to select the subset of
interesting event.  someone should post the gory details if it isn't.

>> login(1) was extensively 
>> modified to accomodate the requirements of C2.
>
>Those of us interested in John F Haugh III's login suite are attempting
>to subvert the C2 intentions of SCO Unix.  The idea is that there
>should be a "kit" to disable as many of the security features as possible
>to be installed *after* the OS has already been installed -- someone said
>that it must come up in C2 in the beginning, so such a kit would have
>to be installed afterwards.  Such a kit should also be shipped by SCO,
>but until they do so, we do what we can with source provided by kind
>netters :-)

[ it's jfh II - not jfh III.  this has got to be the world's most
  common mistake involving my name.  it was the uncle (dr. j.f. haugh)
  not the father (e.l. haugh), hence ii not jr. ]

i find it difficult to believe that secureware went that crazy with
this notion of login id's.  there is no C2 requirement for this
bizarre of a user i&a scheme.  in fact - there is no tcsec requirement
for unchangable id's at any level.  the only real requirement is that
if you are going to change your id the event must be auditable and
you must be authenticated (section 2.2.2 tcsec).  sigh.  why must
implementors constantly strive so hard to make security unusable?

as for making a kit to get around the secureware changes, paul vixie
posted a really nice cron some time back, and bill wells posted a
getty; you get login, su, newgrp (e-i-e-i-o) with my shadow password
suite, and i've even seen a ct that i forget who posted.  the only
changes should be programs which dink with uid's and create new
login sessions.

given what i have heard so far, it sounds as though secureware is one
of the more useless C2 systems.  it's a shame SCO didn't make it a
separate product as AT&T did with their System V/MLS product, or less
intrusive as IBM did with their AIX Version 3 product.  security
features which are properly implemented are quite helpful, and in my
humble opinion, can really make a system much more user friendly.
-- 
John F. Haugh II                             UUCP: ...!cs.utexas.edu!rpp386!jfh
Ma Bell: (512) 832-8832                           Domain: jfh at rpp386.cactus.org
"SCCS, the source motel!  Programs check in and never check out!"
		-- Ken Thompson



More information about the Comp.unix.sysv386 mailing list