Bugtraq mailing list archives

Re: login -h


From: mouse () Collatz McRCIM McGill EDU (der Mouse)
Date: Thu, 8 Dec 1994 12:22:42 -0500


I don't think anyone should rely on wtmp for any kind of security.
What of rsh?

If you're going to be paranoid about security, you should blow away
anything that lets people in unauthenticated, like rsh.

Quite aside from that,

It's easy enough to do a rsh <host> xterm -ut -display <foo> and avoid
wtmp detection.

Or more simply, rsh <host> csh -fi, which I have used when for some
reason rlogin didn't work (eg, out of ptys) and I needed a shell on the
machine to fix things.

The -ut flag tells xterm to not make an entry in utmp and it never
considers making a wtmp entry.  I suppose because it never has
permissions to.

xterm is capable of writing a wtmp entry on almost any system on which
it can write utmp entries.  (The exceptions are those where (a) xterm
is not setuid-root, (b) utmp is world writable, and (c) wtmp isn't
world writable.)

The rsh server would have to make the wtmp entry.  Which is odd it
doesn't because it does if you invoke a shell with it.  Hmmmm...

Given the current wtmp design, it shouldn't write a wtmp entry because
there's nothing to put in the ut_line field.  One could invent
something, I suppose....

                                        der Mouse

                            mouse () collatz mcrcim mcgill edu
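
Added example, not part of the original message: a defender's cross-check that lists accepted remote connections for which wtmp holds no login record, the situation the thread describes for rsh running a command without a tty. It assumes the glibc/Linux 384-byte "struct utmp" layout and an independent connection log reduced to (time, user, host) tuples; the helper names and all sample data are constructed.

```python
import struct

# Assumed record layout: glibc/Linux "struct utmp" (384 bytes). The 1994
# systems in the thread used smaller BSD/SysV records.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii16s20x")
USER_PROCESS = 7  # ut_type value of a login record

def cstr(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def wtmp_logins(blob):
    """Yield (time, user, host, line) for each login record in wtmp bytes."""
    usable = len(blob) - len(blob) % UTMP.size  # ignore a truncated tail
    for off in range(0, usable, UTMP.size):
        f = UTMP.unpack_from(blob, off)
        if f[0] == USER_PROCESS:
            yield f[9], cstr(f[4]), cstr(f[5]), cstr(f[2])

def unrecorded(connections, blob, window=30):
    """Return connections with no wtmp login for the same user and host
    within `window` seconds after the connection was accepted."""
    logins = list(wtmp_logins(blob))
    return [c for c in connections
            if not any(u == c[1] and h == c[2] and 0 <= t - c[0] <= window
                       for t, u, h, _ in logins)]

def record(ut_type, line, user, host, when):
    """Pack one constructed wtmp record for the sample data."""
    return UTMP.pack(ut_type, 100, line, b"", user, host, 0, 0, 0, when, 0, b"")

# Constructed sample data: one login/logout pair and two accepted connections.
SAMPLE_WTMP = (record(7, b"pts/0", b"alice", b"hosta", 1002)
               + record(8, b"pts/0", b"", b"", 2000))
SAMPLE_CONNECTIONS = [
    (1000, "alice", "hosta"),  # rlogin: pty allocated, wtmp entry follows
    (3000, "bob", "hostb"),    # rsh running a command: no tty, no wtmp entry
]

if __name__ == "__main__":
    for when, user, host in unrecorded(SAMPLE_CONNECTIONS, SAMPLE_WTMP):
        print(f"no wtmp login for {user}@{host} at t={when}")
```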


