[HECnet] Re: How special is your CTY? (Was Re: PyDECnet T1.1 beta 2)

For RSTS: startup happens at the console (KB0) which is the terminal at the first single-line serial port, originally a DL11 at a fixed address, a built-in port in some later machines. You could -- with the normal settings -- stop the startup script and be left logged in with all privileges. It's possible, starting with V9.0, to configure things to be locked up pretty tight, with the startup job forced to log out if you succeed in interrupting it. I'm not sure if that's documented; it would require some care to get right. But since you get to the initialization component dialog first, and there you can do things like patch the OS, a determined attacker with access to the console could still get in. After startup, there's nothing special about the console, it's just an ordinary interactive terminal. Privileges come from the parameters of the user ID you logged in with, not from the terminal. It's possible to restrict some accounts to disallow dialup terminals, and/or network terminals. paul