Unix SCO 5.06 .profile
 

Hi, I have a problem with the .profile file, in my Unix SCO is running a legacy application so, when i user try to run the application from a windows SO the open the software without problem and ask the user to put a user name and password, but the main problem is that when i do telnet to my unix box and ask me for user name for example if i put john and press enter and at the same time i press the delete key the user get the unix prompt so i dont know what can i do with this security weakness. By the way, each user havent got a password, i just define the user name with a password, i mean the just put the user name when the do telnet to the unix box.

It is not clear exactly what is happening. The login and password for both types of login should be the same. When accessing the application from Windows, are you using terminal emulation software or are the users using telnet? You should not be able to break the login with the delete key in either case. Is the application program being run from the .profile file?

I am using terminal emulation and the login and password is not the same for the unix box is different thant from the application, the problem is why if i press the delete key it goes to the prompt rather than goes to the application. This is i security vulnerability. isnt it.

why nobody wants to help me, is there one that know how to solve this problem........

I am not sure I understand your problem.

is simple why if i telnet my unix box and i put user name and after press enter at the same time if i press delete key it goes to the unix shell rather than goes to the application

Any time you telnet into a system you will be presented with a text shell for log in. This is normal operation. I do not know how to set it up, but there is a restricted shell that an outside user can telnet into. I beleive you can define exactly what programs a user can execute in a restricted shell. IE:

After the user logs into a restricted shell they are presented with a menu, and if the user tries to break out of the menu they can be logged out of the system.

Each user needs their own user name and password.
It sound to like you are trying to defeat unix security.

I think there is a secure shell that is part of SSH.

i have one user called generic that doesnt need password i mean i defined without password and i am using that user for 20 users more within the company so if i telnet the server for example:

c:\>telnet 10.x.x.x press enter
login: generic press enter
It goes into the legacy application but if at the same time that i pressed the enter key after i put the login name if i press the delete key it goes to the unix prompt i mean the generic user bypass the .profile and break into the unix shell rather than the legacy application.....Any idea.

SCO are assh*les.

THEY ARE TRYING TO DESTROY LINUX AND GPL!!!!

I would NEVER ever support them after their lawsuit on the linux kernel.

I sincerely recommend you change to FreeBSD.

Using FreeBSD you will get alot more help from forums and the like rather than SCO.

**honestly ~ if you have not invested too much time n sco already make the leap to another distro.

i mean it is not my fault if is SCO or FreeBSD i just have a problem and i need to solve it......

I know man but they are trying to take down gpl linux.

You must understand the irony of asking a linux gpl site for help with sco.

You'll prolly come acrioss this alot using that OS.

the linux community is very serious about our OS's.

But it's nothing personal on the end user's - unless they are anti-linux of course.

ok so i am goint to try in a sco forum cheers.

Ok I read your case - if SCO is letting telnet login's get by by pressing the delete key then yes it is a secutiry issue on the part of sco. Another reason to change to FreeBSD.

Besides - all the apps on FreeBSD will be gpl - which is usually more cutting edge in this day and age believe it or not.

I hope I did not offend you.

mossy