Bugtraq mailing list archives
Re: AIX rlogind
From: peter () gecko dialix oz au (Peter Wemm)
Date: Mon, 23 May 1994 11:11:52 +0800 (WST)
Kevin Johnson writes: :The rlogind on my machine (a Motorola r32 box) using the shadow 3.3.x :package does not exhibit the bug. I'm wondering if it's a composite :bug between certain implementations of rlogind and login. I am of the :opinion that this is an important point to resolve due to the variety :of alternative implementations of rlogind and login out there... Yes, it's a composite problem. The shadow-3.3.X login program makes all the correct tests. it's not directly the fault of the code in lmain.c. However: it makes one basic assumption .. and that is that processes that are already running as root will not allow users to specify arguments to the login program (reasonable, I guess). However, many of the getty and rlogind/telnetd programs that are "out there" seem to not have the same view. Some getty/rlogind/telnetd daemons that I've seen on systems nearby correctly filter out user-specified arguments beginning with "-". Ultrix seems to be one. The ttymon program that's used in SVR4 systems is another. Weitse (sp?) posted a patch to his "agetty" a few days ago to correct his version to strip leading "-" arguments. -Peter -- Peter Wemm <peter () DIALix oz au> - NIC Handle: PW65 - The keeper of "NN" "My computer is better than your computer" - Anonymous (Overheard, shortly after the creation of the second computer....)
Current thread:
- Re: ruserok() & /etc/hosts.equiv, (continued)
- Re: ruserok() & /etc/hosts.equiv Carl Corey (May 03)
- Re: ruserok() & /etc/hosts.equiv Walker Aumann (May 03)
- Re: ruserok() & /etc/hosts.equiv Uwe Ellermann (May 04)
- Re: ruserok() & /etc/hosts.equiv Wietse Venema (May 21)
- AIX rlogind peter () freedom nmsu edu (May 21)
- Re: AIX rlogind Peter Wemm (May 21)
- Re: AIX rlogind Kevin Johnson (May 22)
- Re: AIX rlogind Casper Dik (May 22)
- Re: AIX rlogind Kevin Johnson (May 22)
- Re: AIX rlogind Casper Dik (May 22)
- Re: AIX rlogind Peter Wemm (May 22)
- Re: AIX rlogind matthew green (May 22)
- Re: AIX rlogind Paul A Vixie (May 23)
- Fix for Linux/AIX login hole Karyn Pichnarczyk (May 23)
- Re: Fix for Linux/AIX login hole Rens Troost (May 23)
- Re: AIX rlogind Bonfield James (May 24)
- Re: ruserok() & /etc/hosts.equiv Carl Corey (May 03)
- Fix for Linux/AIX login hole Doug McLaren (May 22)
- Re: Fix for Linux/AIX login hole Tony Jago (May 23)
- Re: AIX rlogind Wietse Venema (May 23)
- AIX Fix Mark Fullmer (May 22)
- various rlogind stuff, plus new telnetd stuff (was Re: AIX rlogind) matthew green (May 22)