NetNews Usenet Archive 1992 #16

home *** CD-ROM | disk | FTP | other *** search

/ NetNews Usenet Archive 1992 #16 / NN_1992_16.iso / spool / comp / sys / sgi / 11522 < prev next >

Wrap

Text File | 1992-07-28 | 5.0 KB | 162 lines

Path: sparky!uunet!paladin.american.edu!darwin.sura.net!dtix!relay!afterlife!adm!news From: mcdonald@aedc-vax.af.mil Newsgroups: comp.sys.sgi Subject: Re: indigo security Message-ID: <31559@adm.brl.mil> Date: 28 Jul 92 17:12:40 GMT Sender: news@adm.brl.mil Lines: 152 Keystrokes of Kenny McDonald, in response to Robyn Landers: > > > A teaching lab here at the University of Waterloo has just >purchased four Iris Indigos. Our hardware people tell us >that the video cable has to be kept pretty short (unlike the >video cable on say our 4D/340 with BNC connectors which we >have extended to a hundred feet or so). >This means that the Indigos have to be in the same room >as the monitors, leaving them vulnerable to malicious students. > > It appears to me that it is pretty easy to break in as root: >1) turn the power off and on >(steps 2,3,4 omitted, but trust me they're obvious and easy) >5) presto, it boots single user and you're root. > > I've sifted through the IRIX Site Admin's Guide on Security and >PROM monitor and have seen no way to password-protect the PROM >monitor, enforce direct uninterruptable boot to multiuser using initstate, >(unless shut down nicely), or otherwise prevent such a break-in. >I also haven't seen anything like Sun's "secure" option in >/etc/ttytab to require root's password when booting single user. > > I really hope I've missed something. >Can anybody tell me what it is? Thanks. > > >Robyn Landers >rblanders@math.uwaterloo.ca >University of Waterloo, Math Faculty Computing Facility > On our SGI systems I run the following program called multichk from /.cshrc; It checks the run level to see what state you are running in when the root account is logged into. ------------------------------------------------------------------------------ #include <stdio.h> #include <signal.h> #include <pwd.h> #include <stdlib.h> #define PASSLENGTH 10 int getPassword(argv) char *argv[]; { char buffer[PASSLENGTH]; char rootpass[PASSLENGTH]; char altrootpass[PASSLENGTH]; char cmd[100]; char runstate[10]; char *pss,*getpass(); struct passwd *pw; char *info = "Please enter the ROOT password to continue: "; FILE *fp; int done=0,count=0; /* Hard-coded encrypted alternate maintenance password just in case the root */ /* password cannot be read from /etc/passwd with getpwuid routine */ strcpy(altrootpass,"7nhgQJhqMZaXE"); sprintf (cmd,"/bin/who -r | /usr/bin/tr -s \" \" \" \" 2> /dev/null | /usr/bin/cut -d\" \" -f4 2> /dev/null\0"); if ((fp = popen (cmd,"r")) == NULL) { printf ("error: %s executing runstate command\n",argv[0]); return(0); } fgets (runstate,25,fp); runstate[strlen(runstate)-1] = '\0'; if (strcmp(runstate,"2")==0) { printf ("runstate: multi-user\n"); return(1); } else printf ("runstate: not multi-user\n"); pw = getpwuid(0); if (pw==NULL) { printf ("Could not get root passwd! You must enter alternate maintenance password!\n"); strcpy(rootpass,altrootpass); } else { strcpy(rootpass, pw->pw_passwd); } while (!done) { pss = getpass(info); strcpy(buffer,pss); done = !(strcmp(crypt(buffer, rootpass), rootpass) && strcmp(crypt(buffer,altrootpass), altrootpass)); count++; if (!done && count==3) { printf ("Runstate not multi-user & you don't seem to know the password!\n"); printf ("Last chance to enter the root password or alternate maintenance password!\n"); pss = getpass(info); strcpy(buffer,pss); done = !(strcmp(crypt(buffer, rootpass), rootpass) && strcmp(crypt(buffer,altrootpass), altrootpass)); if (done) return(1); else return(0); } } return(1); } main(int argc, char *argv[]) { int retval; if (getuid()) { printf ("You must be ROOT to run this program\n"); exit(1); } signal (SIGINT, SIG_IGN); signal (SIGQUIT, SIG_IGN); signal (SIGSEGV, SIG_IGN); signal (SIGHUP, SIG_IGN); signal (SIGABRT, SIG_IGN); signal (SIGTSTP, SIG_IGN); signal (SIGTERM, SIG_IGN); retval = getPassword(argv); if (!retval) { printf ("ZAPP!\n"); system ("/etc/init 0"); } else printf ("AOK...here we go!\n"); } ------------------------------------------------------------------------------ Our /.cshrc files look like this: ------------------------------------------------------------------------------ # ignore signals onintr - set history = 100 if ( $?prompt ) then /.multichk endif onintr ------------------------------------------------------------------------------ vvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv | Kenneth M. McDonald * OAO Corp * Arnold Engineering Development Center | | MS 120 * Arnold AFS, TN 37389-9998 * (615) 454-3413 | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ INTERNET: mcdonald@aedc-vax.af.mil LOCAL: c60244@ccfiris