For mgetty users with non-trusted shell logins

l41484@alfa.ist.utl.pt (l41484@alfa.ist.utl.pt)
Tue, 26 Jan 1999 11:04:12 +0100

Messages sorted by:[ date ][ thread ][ subject ][ author ]

On 26 Jan 1999, Marc SCHAEFER wrote:

> IMMUNE CONFIGURATIONS
>    You are immune to this problem if one (or more) of the following
>    is true:
> 
>       - you do not have modems
>       - you do not have untrusted shell account users which may want to
>         DoS you or use your modems to dial out.
>       - you use the rlogin work-around noted below and user nobody is not
>         equivalent (rhost ``security'').
>       - your OS has a root-reopen-only-on-unmaskable-hangup
>         comportment (none at this time to my knowledge)
>       - you use the ptylogin work-around available in mgetty-1.1.20.

I know this seems obvious, but there are dumb people out there. And these,
will probably cry outloud and deny login acesss imediately if they are not
vulnerable. So maybe u should also say here "People which provide login
acess through modems connected to terminal servers?"

Just a thought.

--
Tiago Pascoal  (l41484@alfa.ist.utl.pt)               FAX : +351-1-7273394
Politicamente incorrecto, e membro (nao muito) proeminente da geracao rasca.