Re: Netscape Admin Servers /tmp/deamonstat

[Valdis.Kletnieks () VT EDU (Valdis.Kletnieks () VT EDU)]

On Wed, 18 Jun 1997 03:02:15 -0000, you said:
>  ************** Corinne Posse Security Notice  **************
> Issue Number 5: 970717
>  **************  http://corinne.mac.edu/posse  **************
>
> **** Problem with su on HP/UX 9.00 VIA a dumb-terminal ****
>
> When the shell calling "su" is killed, the user is logged out,
> but in-between login prompts, a user can still enter commands as
> root.

I have to admit that it's 4AM, and I'm not an HP/UX expert, but I suspect the
follwoing is happening:

When the other sysadmin does a 'kill -9' or whatever of the *parent shell*,
this is failing to propagate a SIGHUP to the shell spawned by the su command
(which makes sense, as it is probablyin a different process group for job
control purposes).  The login shell exits, the su-shell keeps running.
init notices the login shell exiting, and re-spawns a getty.  You then
get a getty/login and a su-shell fighting in a race condition for any
given line of terminal input.

The problem is probably exacerbated by a lack of a revoke() call in HP/UX 9.0,
which was designed to close exactly this hole - getty can revoke() on the /dev/tty
and be *sure* that no other processes are still reading.  (And yes, I *know*
about the funky race conditions in many Unixoid kernels that allow a blocked
open() to slip past a revoke() call.  But revoke() is better than nothing ;)

Work-around:  Make sure to kill the su-shell first, and THEN the login
shell.  If this is too hard to remember, create a shell or perl script
called 'nuke-admin' ;)

                                Valdis Kletnieks
                                Computer Systems Senior Engineer
                                Virginia Tech