From owner-freebsd-bugs Tue Oct 5 9:50:31 1999 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 7270F15655 for ; Tue, 5 Oct 1999 09:50:19 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id JAA57879; Tue, 5 Oct 1999 09:50:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Date: Tue, 5 Oct 1999 09:50:01 -0700 (PDT) Message-Id: <199910051650.JAA57879@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Jacques Vidrine Subject: Re: bin/13932: /usr/bin/lock does not report to syslog when root unlock terminal Reply-To: Jacques Vidrine Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The following reply was made to PR bin/13932; it has been noted by GNATS. From: Jacques Vidrine To: freebsd-gnats-submit@freebsd.org Cc: dima@server.ru Subject: Re: bin/13932: /usr/bin/lock does not report to syslog when root unlock terminal Date: Tue, 05 Oct 1999 11:47:15 -0500 Yes, that's bad. Here is a fix, which I will commit in the next few days. --- src/usr.bin/lock/lock.c.orig +++ src/usr.bin/lock/lock.c @@ -59,6 +59,7 @@ #include #include #include +#include #include #include #include @@ -67,7 +68,9 @@ #include #include #include +#include #include +#include #define TIMEOUT 15 @@ -91,7 +94,7 @@ time_t timval_sec; struct itimerval ntimer, otimer; struct tm *timp; - int ch, sectimeout, usemine; + int ch, failures, sectimeout, usemine; char *ap, *mypw, *ttynam, *tzn; char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ]; char *crypt(), *ttyname(); @@ -181,6 +184,8 @@ (void)printf("lock: %s on %s. timeout in %d minutes\ntime now is %.20s%s%s", ttynam, hostname, sectimeout, ap, tzn, ap + 19); } + openlog("lock", LOG_ODELAY, LOG_AUTH); + failures = 0; for (;;) { (void)printf("Key: "); 
@@ -197,8 +202,13 @@ else if (!strcmp(s, s1)) break; (void)printf("\07\n"); + failures++; + if (getuid() == 0) + syslog(LOG_NOTICE, "%d ROOT UNLOCK FAILURE%s (%s on %s)", + failures, failures > 1 ? "S": "", ttynam, hostname); if (ioctl(0, TIOCGETP, &ntty)) exit(1); + sleep(1); /* to discourage guessing */ } quit(); return(0); /* not reached */ Jacques Vidrine / n@nectar.com / nectar@FreeBSD.org
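Review bot: In the hunk at -181,6 the new openlog("lock", LOG_ODELAY, LOG_AUTH) call starts sending records to the LOG_AUTH facility, but the diff touches only lock.c, so nothing tells an administrator that lock now logs or what to expect in the log. Please add a sentence to the manual page naming the facility, the priority and the condition under which a record is written. LOG_ODELAY is already the default for openlog(); LOG_PID would be the more useful option here, since it lets repeated failures on one tty be tied to a single lock process.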
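Review bot: In the hunk at -197,8 the added syslog() call sits after the `break` taken on a matching key, so only failed attempts are recorded and a successful unlock leaves no log entry, while the PR subject is about lock not reporting to syslog when root unlocks the terminal. Either add a syslog() on the success path before quit(), or say in the commit message that logging failures only is the intended behaviour. The `if (getuid() == 0)` guard also limits logging to lock sessions started by root, so failed guesses against any other user's locked terminal go unrecorded; if that is deliberate, a short comment explaining why would help the next reader.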