Theodore Wynnychenko <t...@uchicago.edu> wrote: > So, to do this, I edited the appropriate terminal line in /etc/ttys to a > custom > entry defined in /etc/gettytab; then added an entry to /etc/gettytab, using > 'lo:' to point to a ksh script which (basically) looks at the input given to > getty, and if it contains a specific username, runs "/usr/bin/login -f root" - > if the user name entered is something different, the ksh script runs -> exec > /usr/bin/login "$@" <- which allows any other user to login with a password.
Yes it is the unveil of /usr/bin/login specifically, rather than the variable 'LO' which is gettytab.h:#define LO gettystrs[10].value which is initialized by calling gettable() not just the first time, but also later. That picks up the change, but it is too late it is after unveil() has locked the filesystem space down. So we'll need to consider softening the unveil position, or removing the obscure feature which no longer works.
