From owner-freebsd-questions Mon Jan 6 06:53:10 1997
Return-Path:
Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id GAA08755 for questions-outgoing; Mon, 6 Jan 1997 06:53:10 -0800 (PST)
Received: from post-ofc01.srv.cis.pitt.edu (root@post-ofc01.srv.cis.pitt.edu [136.142.185.10]) by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id GAA08748 for ; Mon, 6 Jan 1997 06:53:08 -0800 (PST)
Received: from unixs3.cis.pitt.edu (jddst19@unixs3.cis.pitt.edu [136.142.185.54]) by post-ofc01.srv.cis.pitt.edu with SMTP (8.8.4/cispo-2.0.1.7) ID ; Mon, 6 Jan 1997 09:45:46 -0500 (EST)
Date: Mon, 6 Jan 1997 09:45:45 -0500 (EST)
From: John D Duncan
X-Sender: jddst19@unixs3.cis.pitt.edu
To: Harlan Stenn
cc: freebsd-questions@freebsd.org
Subject: Re: Why aren't the ptys in /etc/ttys secure by default?
In-Reply-To: <14980.852537825@mumps.pfcs.com>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

ptys are used for both Xterms and telnet sessions. If we were able to log in as root from abroad, then there would be very little way of figuring out who has been cracking the system. Marking the ptys insecure requires that a cracker use a valid user login name, and helps us find the initial security flaw.

Sometimes a user willingly gives out his own login name and password to a foreigner, and that person hacks out the system from within. If he had to do an SU, we could talk to the user who allowed this to happen, and change that password. (and root, and probably every password anyway)

I recommend that you keep those ttyps marked insecure.

-John

==============
jddst19+@pitt.edu
John Duncan
Freshman, University of Pittsburgh
"I'm not a doctor, but I ate one at the UPMC..."

On Mon, 6 Jan 1997, Harlan Stenn wrote:

> Just curious.
>
> What are the security issues?
>
> Thanks...
>
> H
>
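
Added example, not part of the original message or of FreeBSD itself: a small audit that parses /etc/ttys-style text and reports pty lines carrying the "secure" flag, i.e. lines where root could log in directly instead of going through su from a user account. The pty name pattern and the sample file contents are assumptions constructed for illustration.

```python
import re
import shlex

# Assumption: BSD-style pty slave names such as ttyp0 ... ttysv, ttyP0 ... ttySv.
PTY_NAME = re.compile(r"^tty[p-sP-S][0-9a-v]$")

# Constructed sample in ttys(5) layout: name, getty command, terminal type, flags.
SAMPLE_TTYS = '''\
# name  getty                           type    status
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
ttyd0   "/usr/libexec/getty std.9600"   dialup  off secure
ttyp0   none                            network
ttyp1   none                            network secure   # misconfigured
ttyp2   none                            network off insecure
'''

def parse_ttys(text):
    """Yield (name, flags) for each entry; flags are the words after the type."""
    for raw in text.splitlines():
        # shlex keeps the quoted getty command as one field and drops # comments.
        fields = shlex.split(raw, comments=True)
        if len(fields) < 3:
            continue  # blank, comment-only, or malformed line
        yield fields[0], fields[3:]

def root_login_allowed(flags):
    """A line permits direct root login only if it carries the exact word 'secure'."""
    return "secure" in flags

def audit(text):
    """Return pty entries that would accept a direct root login."""
    return [name for name, flags in parse_ttys(text)
            if PTY_NAME.match(name) and root_login_allowed(flags)]

if __name__ == "__main__":
    for name in audit(SAMPLE_TTYS):
        print(f"{name}: pty marked secure, root can log in without su")
```

To check a real system, pass the contents of /etc/ttys to audit() in place of SAMPLE_TTYS; an empty result means no pty line is marked secure.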