Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_3

Bugtraq archives for 3rd quarter (Jul-Sep) 1994: Re: disabling login in V1 #14

Re: disabling login in V1 #14

Wm Randolph Franklin (wrfecse.rpi.edu)
Thu, 18 Aug 1994 17:13:43 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: pluvius: "Re: "Flash"??"
Previous message: John V. A. Janeri: "firewall toolkit"
In reply to: John DiMarco: "Re: Solaris 2.3 login"
Next in thread: matthew green: "Re: disabling login in V1 #14"

Concerning:

 > We've turned off public execute permission for login. The only thing
 > this breaks is the ability to type "login foo" and log in as foo after
 > being logged in as somebody else. su or "rlogin localhost -l foo" are 
 > perfectly suitable alternatives.

login is somewhat easier than those alternatives, altho not enough
easier to justify keeping it public.

1. su doesn't change over the whole environment, run .login, etc.
su is reversible by typing ^d.  login is and is not, resp.

2. rlogin may be already disabled for various reasonably good
reasons.  This leaves only telnet, if anything.  telnet doesn't
pass window properties.


-----------------
Wm. Randolph Franklin,  wrfecse.rpi.edu, (518) 276-6077;  Fax: -6261
ECSE Dept., 6026 JEC, Rensselaer Polytechnic Inst, Troy NY, 12180 USA
 For more info, including PGP and RIPEM keys, finger -l wrfecse.rpi.edu

Next message: pluvius: "Re: "Flash"??"
Previous message: John V. A. Janeri: "firewall toolkit"
In reply to: John DiMarco: "Re: Solaris 2.3 login"
Next in thread: matthew green: "Re: disabling login in V1 #14"