From owner-freebsd-security  Thu Nov 19 18:51:18 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id SAA00250
          for freebsd-security-outgoing; Thu, 19 Nov 1998 18:51:18 -0800 (PST)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from trooper.velocet.ca (host-034.canadiantire.ca [209.146.201.34])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id SAA00232
          for <freebsd-security@FreeBSD.ORG>; Thu, 19 Nov 1998 18:51:16 -0800 (PST)
          (envelope-from dgilbert@trooper.velocet.ca)
Received: (from dgilbert@localhost)
	by trooper.velocet.ca (8.8.7/8.8.7) id VAA16224;
	Thu, 19 Nov 1998 21:50:32 -0500 (EST)
From: David Gilbert <dgilbert@velocet.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <13908.55544.854706.2736@trooper.velocet.ca>
Date: Thu, 19 Nov 1998 21:50:32 -0500 (EST)
To: Stefan `Sec` Zehl <sec@require-re.42.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: no more pty's / lockout
In-Reply-To: <19981120003245.A5204@matrix.42.org>
References: <19981120003245.A5204@matrix.42.org>
X-Mailer: VM 6.62 under Emacs 19.34.2
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>>>>> "Stefan" == Stefan `Sec` Zehl <sec@require-re.42.org> writes:

Stefan> Hi, I just relized, that any user on a system can disable
Stefan> remote logins completely by allocating all available tty's
Stefan> (with xterm p.ex.)

Stefan> Since quite some boxes are remotely adminned, i think this is
Stefan> worth a fix.

Stefan> What about adding a fallback-no-tty-mode to telnetd ?

	ssh (and I believe rsh... but I don't use it) will allow a
login without an available tty as follows:

ssh -l root <hostname> "bash -i"

Dave.

-- 
============================================================================
|David Gilbert, Velocet Communications.       | Two things can only be     |
|Mail:       dgilbert@velocet.net             |  equal if and only if they |
|http://www.velocet.net/~dgilbert             |   are precisely opposite.  |
=========================================================GLO================

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message