Re: Linux login security approaches

Neil Conway (nconway.list@ukaea.org.uk)
Tue, 8 Dec 1998 14:34:17 +0000


Henrik Olsen wrote:
>
> <long letter about protecting against a trojaned login snipped>
>
> You have a fundamental flaw in your assumptions, since you don't take into
> account the fact that unless the security of the system is very badly
> messed up already, if a user is able to substitute his own program for
> the normal login/getty, he can also exchange his programs for whatever
> else you add to give better "security".
>
> <asbestos>
> The reason why people said your suggestion was the "NT way", is that it
> makes life harder to everyone trying to use the system, without adding to
> the actual security of the system.
> </asbestos>

Jeez, wrong on both counts. No-one needs to replace /bin/login, simply
print a message to the screen saying "Linux blah \n login:" and then
wait for someone to take the bait.

Secondly, NT's C-A-D requirement DOES prevent this, and thus DOES add
security, AND to make things better, I don't see how it makes life any
harder for users - it's just some keys you press to get a login screen.

Neil
