Bugtraq mailing list archives

Re: login -h

From: gudu () winternet com (Michael Bresnahan)
Date: Wed, 7 Dec 94 22:13 CST


I don't think anyone should rely on wtmp for any kind of security.
Whatof rsh?  Its easy enough to do a rsh <host> xterm -ut -display <foo>
and avoid wtmp detection.  The -ut flag tells xterm to not make a 
entry in utmp and it never considers making a wtmp entry.  I suppose
because it never has permissions to.  The rsh server would have to
make the wtmp entry.  Which is odd it doesn't because it does if
envoke a shell with it.  Hmmmm...

MikeB

Current thread:

login -h Bonfield James (Dec 07)
- Re: login -h Alexander Haiut (Dec 08)
- <Possible follow-ups>
- Re: login -h Pete Hartman (Dec 07)
  - Re: login -h Casper Dik (Dec 07)
- Re: login -h Ed Arnold (Dec 07)
  - Re: login -h Bogdan Pelc (Dec 08)
    - Re: login -h Adam Shostack (Dec 08)
- Re: login -h Michael Bresnahan (Dec 07)
  - Re: login -h Robert M. Haas (Dec 08)
- Re: login -h H Morrow Long (Dec 08)
- Re: login -h der Mouse (Dec 08)