Alternate Shells
Daniel R. Levy
levy at ttrdc.UUCP
Thu Aug 29 03:35:48 AEST 1985
In article <275 at uwvax.UUCP>, david at wisc-rsch.arpa (David Parter) writes:
>> Next joke, please. Suffice it to say that "lock" isn't nearly as
>> secure as it might lead you to believe. This probably isn't the
>> place to go into the details of why, but I wouldn't trust the
>> standard "lock" to protect anything I valued.
>
>> Doug Hosking
>
>possible solutions:
> 1) don't leave your terminal (logged in) alone.
> 2) fix lock, if you need a secure locking mechanism for yourself
> or your users. We have made some fixes to it.
>
>david
>--
>david parter
>UWisc Systems Lab
>
>uucp: ...!{allegra,harvard,ihnp4,seismo, topaz}!uwvax!david
>arpa now: david at wisc-rsch.arpa
>arpa soon: david at wisc-rsch.WISCONSIN.EDU or something like that
I didn't see the original (Hosking) so I am replying to this one. The
key to the extant lock can be pried by anyone who has access to the source
code, or who can do a strings on the binary. It's an open secret, and I'm
sure every hacker from Maine to California knows it. If you MUST have a
master key to lock change it from the default and make the source and binary
readable only to root (if at all). Actually I don't even see the need for a
master key at all; if you forget, just log in elsewhere and kill the process
with signal 9. (And stty sane < /dev/tty_whatever.)
--
------------------------------- Disclaimer: The views contained herein are
| dan levy | yvel nad | my own and are not at all those of my em-
| an engihacker @ | ployer, my pets, my plants, my boss, or the
| at&t computer systems division | s.a. of any computer upon which I may hack.
| skokie, illinois |
-------------------------------- Path: ..!ihnp4!ttrdc!levy
or: ..!ihnp4!iheds!ttbcad!levy
More information about the Comp.unix
mailing list