sulogin - single-user login program (Enhanced Security)
/sbin/sulogin
The sulogin program is run by the init process on the console
terminal when entering single-user mode. The sulogin
program checks the system configuration to determine
whether entering single-user mode requires entering the
root password. If it does not, then sulogin execs
/sbin/sh with its argv[0] set to "-". That same exec is
also done if the root password is correctly entered.
The decision to enter the single-user mode depends on the
state of the system configuration files. If the files
cannot be read, then defaults are assumed (as described
below). Therefore, the loss of a configuration file does
not prevent access to the system console for repairing the
problem.
The sulogin program first checks the /etc/rc.config file
for a the SECURE_CONSOLE variable. If such a variable is
present, and it is set to a true value (either "TRUE",
"ON", "YES", or "1"), then the program asks for the root
password. The value of the SECURE_CONSOLE variable is
checked in a case-independent fashion, and only a minimal
match is necessary. Thus, the value is really checked
against the following regular expression:
^([Tt]|1|[Yy]|[Oo][Nn]).*
If the SECURE_CONSOLE variable is present, but does not
have one of the true values, then sulogin does not ask for
the root password, but simply execs /sbin/sh as previously
described.
If the SECURE_CONSOLE variable is not found in the
/etc/rc.config file, or if that file is missing or unreadable,
then an attempt is made to obtain the value of the
console firmware setting of the SECURE variable, using the
GSI_PROM_ENV function of the getsysinfo() system call. If
the check determines the console commands are passwordprotected,
the sulogin program requests the root password.
If sulogin has made the decision to request the root password,
it also determines whether BASE or ENHANCED security
should be used to validate that password. This is done
using the value of the SECURITY variable from the
/etc/rc.config file, unless that file was not readable, in
which case the /etc/sia/matrix.conf file is read, looking
for a line beginning with the string "siad_ses_init=", and
containing either "(OSFC2," or "(BSD,". If the
/etc/rc.config file was readable, but the SECURITY variable
was not set, then BASE security is assumed. (This is
how the /sbin/init.d/security script initializes the
/etc/sia/matrix.conf file, as well). If the /etc/rc.config
file can not be read and the /etc/sia/matrix.conf file
either can not be read or does not have an appropriate
siad_ses_init line, then the sulogin program checks to see
whether the /etc/passwd file contains a valid entry for
root and whether the getespwnam("root") function returns a
valid extended profile. If both profile entries exist, but
only one has a valid encrypted password field, that profile
(and thus that security policy) is used. If both
passwords are valid, the BASE security policy is used.
Once the sulogin program has determined which security
policy to use, it checks whether that policy has a valid
account entry for user root (if not already checked while
determining which policy to use), and whether that entry
has a password that can be matched. If the password is
impossible to match, or if no valid root profile exists,
then sulogin prints a warning and execs /sbin/sh as previously
described. For BASE security, a null encrypted
password field for root causes the program to exec
/sbin/sh without complaining.
If there is a matchable root password, sulogin prints out
"Single-user root login" and prompts for the password. If
the entered password does not match (after the appropriate
encryption if non-null), the program waits for 5 seconds
(to deter break-in attempts, displays "Sorry", and reprompts.
If the program is interrupted or receives and
end-of-file condition while attempting to read a password
from the console terminal, it simply exits. This normally
causes init to enter multi-user mode (It depends on system
configuration information in /etc/inittab, specifically
the entry marked with "initdefault", which ships at runlevel
"3"). This may also cause init to prompt for a run
level, or to restart the sulogin program.
Finally, if a password was collected, and it did match,
the exec of /sbin/sh is done. If that exec fails, the
reason for the failure is displayed, and the program
sleeps for 5 seconds before exiting. Upon exiting control
of the console is returned to the init process, as previously
described for interrupt or end-of-file.
/etc/rc.config
/etc/sia/matrix.conf
/etc/passwd
/tcb/files/auth.db (/tcb/files/auth/r/root)
login(1), getpwnam(3), getespwnam(3), dispcrypt(3),
matrix.conf(4), init(8)
Security
sulogin(8)
[ Back ] |
