Bugtraq mailing list archives
Re: login -h
From: casper () fwi uva nl (Casper Dik)
Date: Wed, 07 Dec 1994 23:04:50 +0100
While Solaris 2.3 may be immune to this from rlogin, I have had reports that some people have been logging in, and then relogging in with "exec login joeuser -hhostname" to obscure where they are logged in from. This is usually traceable, but could conceivably cause problems too if you rely on knowing where someone is logged in from to build a case against them for cracking activity. And if my sentence was unclear, this *is* under Solaris 2.3.
Real simple fix: chmod 700 /bin/login. Why's that program set-uid anyway? It hasn't been set-uid here for a long time and has given us no problems. (Most login allow you to hide your fromabouts with "login username". This clears the ut_host bit of the utmp[x] file) Casper
Current thread:
- login -h Bonfield James (Dec 07)
- Re: login -h Alexander Haiut (Dec 08)
- <Possible follow-ups>
- Re: login -h Pete Hartman (Dec 07)
- Re: login -h Casper Dik (Dec 07)
- Re: login -h Ed Arnold (Dec 07)
- Re: login -h Bogdan Pelc (Dec 08)
- Re: login -h Adam Shostack (Dec 08)
- Re: login -h Bogdan Pelc (Dec 08)
- Re: login -h Michael Bresnahan (Dec 07)
- Re: login -h Robert M. Haas (Dec 08)
- Re: login -h H Morrow Long (Dec 08)
- Re: login -h der Mouse (Dec 08)