Date:      Tue, 19 Oct 1999 01:41:11 -0400 (EDT)
From:      Mike Nowlin <mike@argos.org>
To:        Sue Blake <sue@welearn.com.au>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: allowing telnet from locked terminal
Message-ID:  <Pine.LNX.4.05.9910190130290.2563-100000@jason.argos.org>
In-Reply-To: <19991017070610.E12725@welearn.com.au>

> That's fine, but I don't want it to be easy for them to see/touch my
> other work which they're not interested in anyway. The people are
> trustworthy but will be unfamiliar with the machine and could press
> random buttons when working in panic mode. Periods away include coffee
> breaks, overnight, and weekends.

I had a similar problem....  The machines that people needed to get to
were all running Linux, so this program was written for that, but I
imagine it could be ported over to FreeBSD pretty easily -- I'll take a
look.

Basically, it keeps track of the console idle times -- if they get to be
more than ten minutes, or if the person types "lockup" from the shell, it
will do the following:

1)  Make a note of the current VC and (if applicable) the user logged in
on it
2)  Switch to VC 10 (no getty normally running on that one)
3)  Send the IOCTL to the kernel that disables VC switching
4)  Print "Locked - Password: ", turn off echo, and get a password
5)  If the PW matched either root's or the person from step #1, re-enable
VC switching and switch back to the VC from step #1, else scan /etc/passwd
for a matching one -- if it found one, keep VC switching off, but give a
one-time login prompt on VC 10.

It has some problems in the total logic of it (there are some "features"
that I never bothered to fix), but in the physically restricted
environment that these machines are in, it allows people to get in who 
need to.....


--mike
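
Added example, not part of the original message and not the program it describes: a C sketch of steps 1-3 and 5 on Linux. It assumes VT_LOCKSWITCH / VT_UNLOCKSWITCH from <linux/vt.h> are the ioctls meant; lock_console, unlock_console, decide and the demo accounts are hypothetical names constructed here.

```c
#include <string.h>
#include <sys/ioctl.h>
#include <linux/vt.h>

#define LOCK_VC 10                    /* step 2: VC with no getty on it */

enum verdict { STAY_LOCKED, UNLOCK, ONE_TIME_LOGIN };
typedef int (*pw_check)(const char *user, const char *pw); /* 1 = match */

/* Steps 1-3. fd is an open console device. Returns the VC that was
 * active before locking, or -1 on failure. VT_LOCKSWITCH is assumed to
 * be the ioctl the post means; it needs CAP_SYS_TTY_CONFIG. */
int lock_console(int fd) {
    struct vt_stat st;
    if (ioctl(fd, VT_GETSTATE, &st) < 0) return -1;         /* step 1 */
    if (ioctl(fd, VT_ACTIVATE, LOCK_VC) < 0) return -1;     /* step 2 */
    if (ioctl(fd, VT_WAITACTIVE, LOCK_VC) < 0) return -1;
    if (ioctl(fd, VT_LOCKSWITCH, 0) < 0) return -1;         /* step 3 */
    return st.v_active;
}

/* Step 5, success path: re-enable switching and return to prev_vc. */
int unlock_console(int fd, int prev_vc) {
    if (ioctl(fd, VT_UNLOCKSWITCH, 0) < 0) return -1;
    if (ioctl(fd, VT_ACTIVATE, prev_vc) < 0) return -1;
    return ioctl(fd, VT_WAITACTIVE, prev_vc);
}

/* Step 5 decision. owner may be NULL (nobody logged in on the VC). */
enum verdict decide(const char *pw, const char *owner,
                    const char *const *users, size_t n, pw_check check) {
    if (check("root", pw) || (owner && check(owner, pw))) return UNLOCK;
    for (size_t i = 0; i < n; i++)        /* the /etc/passwd scan */
        if (check(users[i], pw)) return ONE_TIME_LOGIN;
    return STAY_LOCKED;
}

/* Constructed sample accounts; a real checker would compare crypt(3)
 * output against the stored hash instead of plaintext. */
static const char *const demo_users[] = { "root", "alice", "bob" };
static const char *const demo_pws[]   = { "r00t-pw", "alice-pw", "bob-pw" };
int demo_check(const char *user, const char *pw) {
    for (size_t i = 0; i < 3; i++)
        if (!strcmp(user, demo_users[i])) return !strcmp(pw, demo_pws[i]);
    return 0;
}
```

Because the fallback in decide tries the entered password against every account, a deployment of this flow should log and rate-limit failed attempts.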



