Bad login user id(sco-unix)

Ronald S H Khoo ronald at robobar.co.uk
Fri Oct 26 19:26:06 AEST 1990


[ did this thread ever have anything to do with internals ?  back to sysv386
  now, anyway ... ]

halpin at mitisft.Convergent.COM (pri=20 Chris Halpin) writes:

> The luid is an additional uid associated w/every process that is set at 
> login time and CAN NEVER be changed 

Wrong.  Eamon McManus posted a version of su(1) that *did* change the
luid -- by scribbling in /dev/kmem.  It should be possible to merge
Eamon's code into John's login too.

> It is used by the audit trail to allow tracking of 
> changes in identity.

Do you know anyone who has enough disc space to enable auditing ? (1/2 :-)

> exec(2)ing login will result in an attempt
> to setluid(2) that fails since the luid is already set.

Which is extremely inconvenient since it causes ct(1) to fail.  A good
reason to switch login(1)s.

> creates problems with cron (you need to shutdown to restart cron since it
> needs to be run w/no luid set so that is may run its jobs as any user it 
> chooses).

How can you restart cron ?  Only from init(8), since any shell you
get from login(1) will have luid set.... unless you use Eamon's hack
or if you modify login(1) to notice a special login and give it
a shell without setting the luid.

> login(1) was extensively 
> modified to accomodate the requirements of C2.

Those of us interested in John F Haugh III's login suite are attempting
to subvert the C2 intentions of SCO Unix.  The idea is that there
should be a "kit" to disable as many of the security features as possible
to be installed *after* the OS has already been installed -- someone said
that it must come up in C2 in the beginning, so such a kit would have
to be installed afterwards.  Such a kit should also be shipped by SCO,
but until they do so, we do what we can with source provided by kind
netters :-)

-- 
ronald at robobar.co.uk +44 81 991 1142 (O) +44 71 229 7741 (H)



More information about the Comp.unix.sysv386 mailing list