From owner-freebsd-security  Fri May 28  3:13:21 1999
Delivered-To: freebsd-security@freebsd.org
Received: from shell6.ba.best.com (shell6.ba.best.com [206.184.139.137])
	by hub.freebsd.org (Postfix) with ESMTP id F180C14C8B
	for <freebsd-security@FreeBSD.ORG>; Fri, 28 May 1999 03:13:19 -0700 (PDT)
	(envelope-from jkb@shell6.ba.best.com)
Received: (from jkb@localhost)
	by shell6.ba.best.com (8.9.3/8.9.2/best.sh) id DAA20325;
	Fri, 28 May 1999 03:12:18 -0700 (PDT)
Message-ID: <19990528031217.D15594@best.com>
Date: Fri, 28 May 1999 03:12:17 -0700
From: "Jan B. Koum " <jkb@best.com>
To: Jamie Rishaw <jamie@arpa.com>, Chriss <chriss@toto.oz-online.net>
Cc: Nicholas Brawn <ncb@zip.com.au>, freebsd-security@FreeBSD.ORG
Subject: Re: legal notice for telnet/etc
References: <Pine.LNX.4.05.9905281500030.13227-100000@zipper.zip.com.au> <Pine.LNX.4.02.9905280010480.21058-100000@toto.oz-online.net> <19990528001436.C28844@rage.arpa.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.93.2i
In-Reply-To: <19990528001436.C28844@rage.arpa.com>; from Jamie Rishaw on Fri, May 28, 1999 at 12:14:36AM -0500
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, May 28, 1999 at 12:14:36AM -0500, Jamie Rishaw <jamie@arpa.com> wrote:
> Note, that doesnt work for ssh.
> 
> I use /etc/COPYRIGHT for all my must-read's.
> 
> The only problem is, that's post-login.
> 
> You can define copyright file in /etc/login.conf ":copyright=" directive.
> 
> -jamie

	Uhm... 'must-read'? ;) Heh. Guess what? If a user has .hushlogin in
his $HOME, he/she is not going to see your /etc/COPYRIGHT message at all:

% touch $HOME/.hushlogin
% cat /etc/COPYRIGHT
lkadjflkasjfasdl
% login
login: jkb
Password:
%

	See /usr/src/usr.bin/login/login.c around line 548

	The best way to make sure your users see a message is to place a
hack into login.c which just ignores the existence of .hushlogin file.

	BTW, since sshd does not use /usr/bin/login (unless you force it to
do so, and it then needs a patch to do it right and not to core on BSD). So
with sshd you just edit /etc/sshd_config (or /usr/local/etc) and set
"PrintMotd yes" in the sshd config file. Then of course you need to make
sshd ignores $HOME/.hushlogin also... ;-)

	Argh! Hell. There is not good way to get your message across. If
l^Huser choose not to read it, they will not read it no matter what. :(


-- Yan


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message