Bugtraq mailing list archives

Re: -froot??? (AIX rlogin bug)

From: baba () ph-meter beckman uiuc edu (Baba Z Buehler)
Date: Sat, 30 Jul 1994 15:58:03 -0500


ericw () fx com (Eric Wedaa) writes:

Someone over on the firewalls mailing list just threw out this tidbit:

   rlogin aix.machine -l -froot

For instance:
 
   rlogin foobar -l -froot

This gives you root access on any AIX 3.2.X machine.

Does anyone have any history on this trapdoor?  Apparently
it also existed in Linux several generations ago.


That's a bit old, and I believe IBM has at least an "unofficial" fix for
it now.  

I run some Linux systems, and I haven't seen the problem in any of the
Linux 1.x releases.

b
--
# Baba Z Buehler
# Beckman Institute Systems Services, Urbana Illinois
#
#  "How come that big box of bright ideas you sent
#   me is the one they say fell off the truck?"  -- Butch Hancock
#
# WWW: http://www.beckman.uiuc.edu/groups/biss/people/baba/
# PGP Public Key available via finger baba () beckman uiuc edu

Current thread:

Re: Re: Bad Advise, (continued)
- - - Re: Re: Bad Advise Pete Hartman (Jul 26)
    - Re: Bad Advise Evil Pete (Jul 26)
    - Re: Bad Advise David Lawrence Oppenheimer (Jul 26)
    - Re: Bad Advise Harold van Aalderen (Jul 26)
    - Re: Bad Advise Christopher Klaus (Jul 26)
    - Re: Bad Advise Timothy Newsham (Jul 27)
    - -froot??? (AIX rlogin bug) Eric Wedaa (Jul 29)
    - Re: -froot??? (AIX rlogin bug) Aaron Eppert (Jul 29)
    - Re: -froot??? (AIX rlogin bug) Mark G. Scheuern (Jul 30)
    - Re: -froot??? (AIX rlogin bug) Alexander Haiut (Jul 30)
    - Re: -froot??? (AIX rlogin bug) Baba Z Buehler (Jul 30)
    - Solaris problems? James W. Abendschan (Jul 29)
    - Re: Solaris problems? Steve Davis (Jul 30)
    - Re: Solaris problems? jsz (Jul 30)
    - Re: Solaris problems? Casper Dik (Jul 31)
  - Re: coredumps on setuid programs. Andrew Beckett (Jul 25)