Bugtraq mailing list archives
Fix for Linux/AIX login hole
From: dougmc () graphite comco com (Doug McLaren)
Date: Mon, 23 May 1994 00:55:39 -0500 (CDT)
I wrote a little script wrapper to install as /bin/login which I think will
close up any of the current batch of holes ... I'm looking for comments, and
hoping it might help somebody out. I think it's pretty bulletproof, but it's
always possible I've missed something ...

#!/bin/sh
# by Doug McLaren, dougmc () comco com, 05/22/94
#
# This script acts as a frontend to /bin/login and makes sure that programs
# like in.telnetd, in.rlogind and getty don't pass it any bogus command
# line parameters.
#
# This script should not be setuid anything!
#
# Installation: Rename the original /bin/login to /bin/login.dist, and make
# this script the new /bin/login. Make sure 'logger' is set to the correct
# location for your logger binary.
#
# Problems this addresses: passing bogus -h and -f options to /bin/login.

logger="/usr/bin/logger -t login"

# The reason we separate all parameters with ','s is so one can see exactly
# what is being sent to /bin/login - "login -h foo" and "login '-h foo'" are
# not the same ...
$logger "'login $1,$2,$3,$4,$5,$6,$7,$8,$9'" executed by `whoami`

deny_access () {
	echo "Go away, lamer."
	$logger "connection refused - attempted security breach!"
	exit 1
}

# -p, -r, -f, -h are the only valid options I know of for the Linux
# login. I haven't looked into any other versions of it. If login is
# started with any other options, or with anything 'funky', exit.
# Each argument is checked on its own: a known option passes, a plain
# value (username, hostname) passes, anything containing a space or
# starting with '-' that is not one of the four options is refused.
for i in "$@"; do
	# echo "Checking \'$i\' ..."
	case $i in
		-f) ;;
		-h) ;;
		-r) ;;
		-p) ;;
		*\ *) deny_access ;;
		-*) deny_access ;;
		*) ;;
	esac
done

# In this part, we don't allow two -h or -f options. I don't know if this
# part is still needed, but it shouldn't hurt. I doubt it's bullet proof,
# however.
case " $*" in
	*\ -h*\ -h*) deny_access ;;
	*\ -f*\ -f*) deny_access ;;
	*) ;;
esac

# Ok, guess it all checks out ... execute the real /bin/login.
exec /bin/login.dist "$@"

--
Doug McLaren, dougmc () comco com
--
MONEY IS THE ROOT OF ALL EVIL! Send $9.95 for info
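The same argument screening as a reusable shell function, added here as an example and not part of Doug McLaren's post. It keeps his allow-list of -f, -h, -r and -p, refuses any other option and any fused "option value" argument, and replaces the " $*" glob for duplicate options with a simple count. One check goes beyond the posted script and is labelled as such: the script's *\ * pattern only catches a literal space, so the function below rejects any whitespace character (tab, newline) inside a single argument. The function name, the verdict helper and the argument vectors fed to it are all constructed for this example.

```sh
#!/bin/sh
# Added example, not the wrapper from the post. check_login_args takes the
# argument vector a login daemon would hand to /bin/login and returns 0 if
# it looks acceptable, 1 if it should be refused.

check_login_args () {
    h_count=0
    f_count=0
    for arg in "$@"; do
        # Allow-list of options, the same four the posted script accepts.
        case $arg in
            -h) h_count=$((h_count + 1)) ;;
            -f) f_count=$((f_count + 1)) ;;
            -r|-p) ;;
            -*) return 1 ;;          # any other option, or "-h host" fused into one word
            *) ;;                    # plain value: username or hostname
        esac
        # Refuse any whitespace inside one argument. This is broader than the
        # posted script's "*\ *" pattern, which only catches a literal space;
        # a tab or newline in an argument would get past that pattern.
        case $arg in
            *[[:space:]]*) return 1 ;;
        esac
    done
    # Duplicate -h or -f: count occurrences instead of glob-matching " $*".
    [ "$h_count" -le 1 ] || return 1
    [ "$f_count" -le 1 ] || return 1
    return 0
}

# One-word verdict for a constructed argument vector, for reading the results.
verdict () {
    if check_login_args "$@"; then echo allow; else echo deny; fi
}

# Constructed argument vectors, modelled on what in.rlogind/in.telnetd/getty
# would pass. Expected verdicts are in the comments.
verdict -h somehost.example.com -p alice        # allow
verdict -froot                                  # deny: unknown option
verdict '-h evil.example.com' alice             # deny: option and value fused
verdict -h a.example.com -h b.example.com       # deny: duplicate -h
verdict "$(printf 'alice\tbob')"                # deny: tab inside one argument
```

The function is meant to be sourced and called from a wrapper of the same shape as the posted one (log, check, then exec the real binary); it does not itself log or exec anything, which keeps it easy to run against test vectors.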
Current thread:
- Re: AIX rlogind, (continued)
- Re: AIX rlogind Kevin Johnson (May 22)
- Re: AIX rlogind Casper Dik (May 22)
- Re: AIX rlogind Kevin Johnson (May 22)
- Re: AIX rlogind Casper Dik (May 22)
- Re: AIX rlogind Peter Wemm (May 22)
- Re: AIX rlogind matthew green (May 22)
- Re: AIX rlogind Paul A Vixie (May 23)
- Fix for Linux/AIX login hole Karyn Pichnarczyk (May 23)
- Re: Fix for Linux/AIX login hole Rens Troost (May 23)
- Re: AIX rlogind Bonfield James (May 24)
- Fix for Linux/AIX login hole Doug McLaren (May 22)
- Re: Fix for Linux/AIX login hole Tony Jago (May 23)
- Re: AIX rlogind Wietse Venema (May 23)
- AIX Fix Mark Fullmer (May 22)
- various rlogind stuff, plus new telnetd stuff (was Re: AIX rlogind) matthew green (May 22)
- Re: AIX rlogind Peter Wemm (May 22)