What are the options for an autologin with a getty
I read an excellent article about autologin with mingetty in Linux Journal, but I am using fbgetty. (I also know there is a program called autologin.)
Now I compiled a simple file (an idea I found somewhere) with execlp passing arguments to login the username I want to autologin. The program will be loaded by fbgetty so that the user would autologin.
Is the idea safe from security breaches?
If you are *not* the only one who has physical access to the console, then ask yourself for starters if it would hurt you if someone rm -rf your /home/${LOGNAME}, read your mail or did Other Stuff under your ${LOGNAME}.
Originally posted by unSpawn If you are *not* the only one who has physical access to the console, then ask yourself for starters if it would hurt you if someone rm -rf your /home/${LOGNAME}, read your mail or did Other Stuff under your ${LOGNAME}.
I bet not, and whilst you are at this task why not do some port scanning other hosts ...
Thanks a bunch for your replies.
The $LOGNAME here is temp.
As the name suggests, I am using the username for sort of temp works,
so I am not too afraid of somebody doing a rm -rf ~.
Anyone who wants to login to his account may still use su or another vc.
As the name suggests, I am using the username for sort of temp works
Unprivileged account names or its tasks don't matter: anyone who wants to login to his account may still use su or another vc
The sting is in the word may. You're looking for justification for having autologin by looking at people's expected behaviour while you should look at the risks. My example was only to show you that autologin should only be done if you're the ONLY one EVER to have access to the box. ...and probably not even then, because you're degrading the security posture of your box.
I should have made this clear from the start, instead of trying to make you think about the risks.
How about me trying to use LD_SO_PRELOAD or link something and trick you into executing something that will give me a backdoor later on? Or exploiting a weakness in one of the running (network facing) daemons? Or maybe bruteforce my way into an account.
Fact is, if you're NOT at the console, what USE is it opening the account anyway, and IF you're at the account then why not do it manually? If you want certain tasks to be done automagically, you could for instance easily set up some cron jobs.
Originally posted by unSpawn As the name suggests, I am using the username for sort of temp works
Unprivileged account names or its tasks don't matter: anyone who wants to login to his account may still use su or another vc
The sting is in the word may. You're looking for justification for having autologin by looking at people's expected behaviour while you should look at the risks. My example was only to show you that autologin should only be done if you're the ONLY one EVER to have access to the box. ...and probably not even then, because you're degrading the security posture of your box.
I should have made this clear from the start, instead of trying to make you think about the risks.
How about me trying to use LD_SO_PRELOAD or link something and trick you into executing something that will give me a backdoor later on? Or exploiting a weakness in one of the running (network facing) daemons? Or maybe bruteforce my way into an account.
Fact is, if you're NOT at the console, what USE is it opening the account anyway, and IF you're at the account then why not do it manually? If you want certain tasks to be done automagically, you could for instance easily set up some cron jobs.
First about LD_SO_PRELOAD: Well, how can anyone set LD_SO_PRELOAD without suid/sgid?
Well, using execlp has its disadvantages as compared to exec (from man pages execlp(3) execve(3) ld.so(8)).
But security is not compromised.
I admit there may be weakness in some daemons.
Bruteforce does not seem logical: with MD5 there is less risk of bruteforce crack (of course, with enough time(?!) anyone can bruteforce in).
But anyway, thanks for your excellent reply.
And I think I will follow as you say!
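
The wrapper described in the first post, written defensively, as an added example that is not the poster's code nor taken from the Linux Journal article. It assumes login(1) is installed at /bin/login and accepts -f; the helper names valid_username and build_login_argv are hypothetical. It uses execve with an absolute path and a fixed environment instead of execlp's PATH search, validates the account name, and refuses root.

```c
/* Added example: helper a getty starts in place of login(1). */
#include <ctype.h>
#include <pwd.h>
#include <string.h>
#include <unistd.h>

#define LOGIN_PATH "/bin/login"  /* assumption: where login(1) is installed */
#define AUTOLOGIN_USER "temp"    /* the account named in the thread */

/* 1 if name is a plain account name: 1..32 chars, first char a lowercase
 * letter or '_' (so it can never be parsed as an option), rest [a-z0-9_-]. */
int valid_username(const char *name)
{
    size_t i, n;
    if (name == NULL) return 0;
    n = strlen(name);
    if (n == 0 || n > 32) return 0;
    if (!(islower((unsigned char)name[0]) || name[0] == '_')) return 0;
    for (i = 1; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!(islower(c) || isdigit(c) || c == '_' || c == '-')) return 0;
    }
    return 1;
}

/* Fill argv with "login -f <user>"; return -1 for root or a bad name. */
int build_login_argv(const char *user, const char *argv[4])
{
    if (!valid_username(user) || strcmp(user, "root") == 0) return -1;
    argv[0] = "login";
    argv[1] = "-f";   /* -f: skip authentication for this user */
    argv[2] = user;
    argv[3] = NULL;
    return 0;
}

int main(void)
{
    const char *argv[4];
    /* Fixed environment: nothing inherited reaches login or the loader. */
    char *const envp[] = { "PATH=/bin:/usr/bin", "TERM=linux", NULL };
    struct passwd *pw = getpwnam(AUTOLOGIN_USER);

    if (pw == NULL || pw->pw_uid == 0) return 1;  /* unknown account or uid 0 */
    if (build_login_argv(AUTOLOGIN_USER, argv) != 0) return 1;
    execve(LOGIN_PATH, (char *const *)argv, envp); /* absolute path, no PATH search */
    return 1;                                      /* reached only if exec failed */
}
```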