Date: Wed, 2 Apr 1997 01:11:26 +1000 (EST) From: Darren Reed <avalon@coombs.anu.edu.au> To: avalon@coombs.anu.edu.au (Darren Reed) Cc: hackers@freebsd.org, security@freebsd.org Subject: Re: root logins on secure tty's ? Message-ID: <199704011516.HAA06197@freefall.freebsd.org> In-Reply-To: <199704011422.GAA03481@freefall.freebsd.org> from "Darren Reed" at Apr 2, 97 00:17:28 am
index | next in thread | previous in thread | raw e-mail
Ignore this. Someone broke root logins, thats all.
In some mail from Darren Reed, sie said:
>
>
> for some reason, in 2.2.1 source, /bin/login root logins appear
> to be broken on secure tty's.
>
> line 271 of login.c (or thereabouts):
> } else if (pwd->pw_passwd[0] == '\0') {
> if (rootlogin && !rootok) {
> /* pretend password okay */
> rval = 0;
> goto ttycheck;
> }
> }
>
> in my ttys, I enable ttyv1 as secure, rootok == 1 and I get prompted
> for a password. Were the tty insecure, I suspect this would work (I
> have a null password for root). btw, I only noticed this because it
> used to work on 2.1.6 and didn't after the upgrade...
>
> Is this (perhaps) a leftover from the breakin earlier in the year ?
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199704011516.HAA06197>