From owner-freebsd-current  Mon Nov 27 16:04:08 1995
Return-Path: owner-current
Received: (from root@localhost)
          by freefall.freebsd.org (8.6.12/8.6.6) id QAA12351
          for current-outgoing; Mon, 27 Nov 1995 16:04:08 -0800
Received: from apollo.COSC.GOV (root@apollo.COSC.GOV [198.94.103.34])
          by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id QAA12275
          for <freebsd-current@freebsd.org>; Mon, 27 Nov 1995 16:03:57 -0800
Received: (from vince@localhost) by apollo.COSC.GOV (8.6.12/8.6.9) id QAA24828; Mon, 27 Nov 1995 16:01:33 -0800
Date: Mon, 27 Nov 1995 16:01:33 -0800 (PST)
From: -Vince- <vince@apollo.COSC.GOV>
To: Terry Lambert <terry@lambert.org>
cc: joerg_wunsch@uriah.heep.sax.de, freebsd-current@freebsd.org
Subject: Re: schg flag on make world in -CURRENT
In-Reply-To: <199511272354.QAA19960@phaeton.artisoft.com>
Message-ID: <Pine.BSF.3.91.951127155925.22740z-100000@apollo.COSC.GOV>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-current@freebsd.org
Precedence: bulk

On Mon, 27 Nov 1995, Terry Lambert wrote:

> > > > 	Is there anyway to remotely login to a FreeBSD box and 'su' to root
> > > > to do a make world without having to do noflags schg on all the files 
> > > > with that flag on it generated by the last make world in -CURRENT?  Thanks!
> > > 
> > > Why don't you just use "rlogin" and "su"?
> > 
> > 	Does rlogin and su make any difference?  I'm using ppp from Win95 
> > and I don't have a rlogin program, only telnet...
> 
> 1)	Your user name must be in group "wheel" (in the file /etc/group).

	Correct for su to work.

> 2)	Your pty must be marked "secure".  Currently, it is marked as
> 	"network", mostly because networks aren't secure.  Since you
> 	can't pick your pty, you pretty much have to lett all of them
> 	in.  Be sure to put "Welcome, system crackers!" in your login
> 	prompt in gettytab.  8-).

	So that's it, the pty must be secure but I can't really control
that since I thought you can't telnet or rlogin into a secured pty.  Not a
bad idea for the login prompt =)

> The rlogin is vouchsafe, but needs a pty as well.  Besides, any user on
> a DOS box is "root".  If you allowed "rlogin", then any user on any DOS
> box you allowed could become any user on your machine by lying about
> who they are.  The point in a UNIX<->UNIX peer environment is that you
> are at least as secure as your root password on both machines combined.
> 
> Since telnet needs a pty as well, you have to have "secure" in the
> /etc/ttys line either way.  So "rlogin" isn't an issue.

	Thanks for clarifying this.  But if the pty is secure, how am I 
able to telnet or rlogin to that pty?

Cheers,
-Vince- vince@COSC.GOV - GUS Mailing Lists Admin - http://www.COSC.GOV/~vince
UC Berkeley AstroPhysics - Electrical Engineering (Honorary B.S.)
Chabot Observatory & Science Center - Board of Advisors
Running FreeBSD - Real UN*X for Free!
Linda Wong/Vivian Chow/Hacken Lee/Danny Chan/Priscilla Chan Fan Club
Mailing Lists Admin