From owner-freebsd-security  Tue Apr  1 06:22:20 1997
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.5/8.8.5) id GAA03488
          for security-outgoing; Tue, 1 Apr 1997 06:22:20 -0800 (PST)
Received: from cheops.anu.edu.au (avalon@cheops.anu.edu.au [150.203.76.24])
          by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id GAA03481;
          Tue, 1 Apr 1997 06:22:14 -0800 (PST)
Message-Id: <199704011422.GAA03481@freefall.freebsd.org>
Received: by cheops.anu.edu.au
	(1.37.109.16/16.2) id AA253474249; Wed, 2 Apr 1997 00:17:29 +1000
From: Darren Reed <avalon@coombs.anu.edu.au>
Subject: root logins on secure tty's ?
To: hackers@freebsd.org
Date: Wed, 2 Apr 1997 00:17:28 +1000 (EST)
Cc: security@freebsd.org
Priority: urgent
X-Mailer: ELM [version 2.4 PL23]
Content-Type: text
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk


for some reason, in 2.2.1 source, /bin/login root logins appear
to be broken on secure tty's.

line 271 of login.c (or thereabouts):
			} else if (pwd->pw_passwd[0] == '\0') {
				if (rootlogin && !rootok) {
					/* pretend password okay */
					rval = 0;
					goto ttycheck;
				}
			}

in my ttys, I enable ttyv1 as secure, rootok == 1 and I get prompted
for a password.  Were the tty insecure, I suspect this would work (I
have a null password for root).  btw, I only noticed this because it
used to work on 2.1.6 and didn't after the upgrade...

Is this (perhaps) a leftover from the breakin earlier in the year ?

Darren