DOC HOME SITE MAP MAN PAGES GNU INFO SEARCH PRINT BOOK
 
Maintaining system security

stopio(S) on devices

The system has a feature that makes it difficult to handle console output from a daemon, and you must plan daemon output accordingly. All terminal devices are subject to the trusted system call, stopio(S), which was added to enhance the identification and authentication subsystem to prevent login spoofing. When a user logs out, the getty that is respawned on that terminal line calls stopio with the terminal device name as an argument. Any processes holding that device open are killed (signal SIGHUP) if they try to write to the device again. Daemons that write to the console are subject to this signal if a logout occurs at the console between daemon start up and daemon output. Because most daemons ignore SIGHUP, their message output is simply lost. Therefore, you should redirect daemon output to a file or disabled terminal if it must be preserved (or redirect the output to the null device as in the above example).


NOTE: The use of stopio(S) on devices can be disabled if desired. See ``Disabling C2 features''.


Next topic: Privileges
Previous topic: LUID enforcement

© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 03 June 2005