| Summary: | /usr/bin/lock does not report to syslog when root unlock terminal | ||
|---|---|---|---|
| Product: | Base System | Reporter: | dima <dima> |
| Component: | bin | Assignee: | Jacques Vidrine <nectar> |
| Status: | Closed FIXED | ||
| Severity: | Affects Only Me | ||
| Priority: | Normal | ||
| Version: | Unspecified | ||
| Hardware: | Any | ||
| OS: | Any | ||
Description
dima
1999-09-24 12:30:01 UTC
Yes, that's bad. Here is a fix, which I will commit in the next
few days.
--- src/usr.bin/lock/lock.c.orig
+++ src/usr.bin/lock/lock.c
@@ -59,6 +59,7 @@
#include <sys/param.h>
#include <sys/stat.h>
#include <sys/time.h>
+#include <sys/types.h>
#include <sys/signal.h>
#include <err.h>
#include <ctype.h>
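Review bot: the added `#include <sys/types.h>` lands after `<sys/param.h>`, which already pulls in `<sys/types.h>` on BSD, so the new line has no effect where it is. Drop it, or if an explicit include is wanted, put it ahead of the other `<sys/...>` headers rather than between `<sys/time.h>` and `<sys/signal.h>`.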
@@ -67,7 +68,9 @@
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
+#include <syslog.h>
#include <unistd.h>
+#include <varargs.h>
#define TIMEOUT 15
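Review bot: `<varargs.h>` is added here, but no hunk in this patch declares a `va_list` or defines a variadic function; the only new calls are `openlog()`, `syslog()`, `getuid()` and `sleep()`, and `<syslog.h>` and `<unistd.h>` cover those. Drop the include. If variadic handling is needed later, `<stdarg.h>` is the ANSI C header to use instead of the pre-ANSI `<varargs.h>`.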
@@ -91,7 +94,7 @@
time_t timval_sec;
struct itimerval ntimer, otimer;
struct tm *timp;
- int ch, sectimeout, usemine;
+ int ch, failures, sectimeout, usemine;
char *ap, *mypw, *ttynam, *tzn;
char hostname[MAXHOSTNAMELEN], s[BUFSIZ], s1[BUFSIZ];
char *crypt(), *ttyname();
@@ -181,6 +184,8 @@
(void)printf("lock: %s on %s. timeout in %d minutes\ntime now is %.20s%s%s",
ttynam, hostname, sectimeout, ap, tzn, ap + 19);
}
+ openlog("lock", LOG_ODELAY, LOG_AUTH);
+ failures = 0;
for (;;) {
(void)printf("Key: ");
@@ -197,8 +202,13 @@
else if (!strcmp(s, s1))
break;
(void)printf("\07\n");
+ failures++;
+ if (getuid() == 0)
+ syslog(LOG_NOTICE, "%d ROOT UNLOCK FAILURE%s (%s on %s)",
+ failures, failures > 1 ? "S": "", ttynam, hostname);
if (ioctl(0, TIOCGETP, &ntty))
exit(1);
+ sleep(1); /* to discourage guessing */
}
quit();
return(0); /* not reached */
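Review bot: the `if (getuid() == 0)` guard in front of `syslog()` means `failures` is incremented for every user but only written to the log when lock was started by root, so repeated wrong keys on a non-root user's locked terminal leave no record. Either log for all uids (keeping the ROOT wording for uid 0) or add a comment saying why only root sessions are audited. The success path through `break` also emits nothing, so the log shows failures with no matching unlock entry to correlate them against. The `sleep(1)` sits after the `ioctl()` check, which is fine, but its comment could note that the delay is fixed and does not grow with `failures`.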
Jacques Vidrine / n@nectar.com / nectar@FreeBSD.org
Responsible Changed
From-To: freebsd-bugs->nectar
I'll fix it.

State Changed
From-To: open->closed
fixed in revision 1.7 of src/usr.bin/lock/lock.c