From owner-freebsd-security Tue Oct 19 22:39:50 1999 Delivered-To: freebsd-security@freebsd.org Received: from athserv.otenet.gr (athserv.otenet.gr [195.170.0.1]) by hub.freebsd.org (Postfix) with ESMTP id 9022518277 for ; Tue, 19 Oct 1999 22:39:45 -0700 (PDT) (envelope-from keramida@diogenis.ceid.upatras.gr) Received: from hades.hell.gr (patr530-a029.otenet.gr [195.167.115.29]) by athserv.otenet.gr (8.9.3/8.9.3) with SMTP id IAA18608 for ; Wed, 20 Oct 1999 08:39:41 +0300 (EET DST) Received: (qmail 721 invoked by uid 1001); 19 Oct 1999 09:39:15 -0000 To: freebsd-security@freebsd.org Subject: Re: allowing telnet from locked terminal References: From: Giorgos Keramidas Date: 19 Oct 1999 12:39:14 +0300 In-Reply-To: Mike Nowlin's message of "Tue, 19 Oct 1999 01:41:11 -0400 (EDT)" Message-ID: <86puybhepp.fsf@localhost.hell.gr> Lines: 21 X-Mailer: Gnus v5.6.45/XEmacs 21.1 - "20 Minutes to Nikko" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Mike Nowlin writes: > 1) Make a note of the current VC and (if applicable) the user logged in > on it > 2) Switch to VC 10 (no getty normally running on that one) > 3) Send the IOCTL to the kernel that disables VC switching > 4) Print "Locked - Password: ", turn off echo, and get a password > 5) If the PW matched either root's or the person from step #1, re-enable > VC switching and switch back to the VC from step #1, else scan > /etc/passwd for a matching one -- if it found one, keep VC switching > off, but give a one-time login prompt on VC 10. All this sounds oh so familiar... I think that `screen' does something similar, but does not disable ALL the virtual consoles. It just makes access to a certain virtual console controlled by the one that run screen over there. A simple `C-a x' and off you're gone. Of course, if VC switching is not disabled there's always X11 on that Alt-F7 console, bliax. -- Giorgos Keramidas, "What we have to learn to do, we learn by doing." [Aristotle] To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message