Bugtraq mailing list archives

Re: Solaris 2.3 login

From: jdd () cdf toronto edu (John DiMarco)
Date: Fri, 12 Aug 1994 11:06:19 -0400


In message <9408120347.AA02964 () matt itd uts edu au>you write:

well i had a bit of a hack around last night with 2.3 login. it seems you
can set enviroment variables with login such as

% exec login user IFS=/

now of course IFS,PTAH,SHELL cant be set but others can! now of course
since login tries to read past the user name you can get login to core dump
quite easily by over feeding it like this

% exec login user "`cat big.binary.file`"

this will quite hapilly core dump login.


We've turned off public execute permission for login. The only thing
this breaks is the ability to type "login foo" and log in as foo after
being logged in as somebody else. su or "rlogin localhost -l foo" are 
perfectly suitable alternatives.

Regards,

John
--
John DiMarco <jdd () cdf toronto edu>                        Office: EA201B
Computing Disciplines Facility Systems Manager            Phone: 416-978-1928
University of Toronto                                     Fax:   416-978-1931
http://www.cdf.toronto.edu/personal/jdd/jdd.html

Current thread:

Re: Solaris 2.3 login Jas (Aug 11)
- <Possible follow-ups>
- Re: Solaris 2.3 login richard oxbrow (Aug 12)
- Re: Solaris 2.3 login jatipper () vnet IBM COM (Aug 12)
- Re: Solaris 2.3 login Perry E. Metzger (Aug 12)
- Re: Solaris 2.3 login John DiMarco (Aug 12)
  - Re: disabling login in V1 #14 Wm Randolph Franklin (Aug 18)
    - Re: disabling login in V1 #14 matthew green (Aug 19)
- Re: Solaris 2.3 login Peter Wemm (Aug 12)
- Re: Solaris 2.3 login Evil Pete (Aug 12)
- Re: Solaris 2.3 login Marc W. Mengel (Aug 12)
- Re: Solaris 2.3 login Christopher A. Stewart (Aug 12)
- Re: Solaris 2.3 login David Barr (Aug 14)