Previous Topic: Restricting Terminals for Root UsersNext Topic: Password Checking and Login Restrictions


Recommended Restrictions

You should restrict the use of the loopback terminals, local host terminals, and station host names if the default access for the TERMINAL class is READ. Allowing users to use these terminals permits all other users to substitute their own user IDs if they know the target user's password. For example, consider the following scenario:

User U can bypass this set of access rules by simply performing the command telnet loopback, specifying the user ID root, and supplying the password. Now a superuser session has started from terminal T, which is not supposed to allow superuser login. A user can similarly bypass access rules by exploiting the local host or the station's host name.

To restrict these three vulnerabilities, use the following definitions:

newres TERMINAL loopback defaccess(N) owner(nobody)
newres TERMINAL localhost defaccess(N) owner(nobody)
chres TERMINAL hostname defacc(N) owner(nobody)

An alternative approach to preventing this security breach is to limit the TCP requests for telnet, ftp, and so forth from local host.

Yet another option is to set default access for the TERMINAL group to NONE, then specify TERMINAL and GTERMINAL rules.