Bugtraq mailing list archives

Re: Fix for Linux/AIX login hole

From: dougmc () graphite comco com (Doug McLaren)
Date: Mon, 23 May 94 13:29:53 -0500


In article <9405231409.AA00430 () dadofsam princeton edu>,
   serge () Princeton EDU writes:

A colleague sent me the following note:

A less painful (for the system modification unaware) way to lock it up on
an AIX machine is:

   1. Enter SMIT (as root)
   2. Follow this path:
      Security & Users
      Users
      Change / Show Characteristics of a User
      User NAME (enter root)
   3. Change "User can RLOGIN" to false
   4. Click "Do"


That doesn't stop the fact that instead of '-froot' you can use
'-f<any other user>' and it will let you in as them instead of root.

Instead of leaving the door wide open, it's now just open a crack, but
it's still not locked.

-- 
--- Doug McLaren, dougmc () graphite comco com
--- MONEY IS THE ROOT OF ALL EVIL! Send $9.95 for info

Current thread:

Re: Fix for Linux/AIX login hole Serge J. Goldstein (May 23)
- Re: Fix for Linux/AIX login hole Doug McLaren (May 23)
- <Possible follow-ups>
- Re: Fix for Linux/AIX login hole Doug Siebert (May 23)
  - Re: Fix for Linux/AIX login hole Christopher Klaus (May 23)
- Re: Fix for Linux/AIX login hole H Morrow Long (May 23)
  - Re: Fix for Linux/AIX login hole Perry E. Metzger (May 24)
    - Re: Fix for Linux/AIX login hole George Boyce (May 24)
    - Re: Fix for Linux/AIX login hole Perry E. Metzger (May 24)