Bugtraq mailing list archives
Re: Aix rlogind
From: wietse () wzv win tue nl (Wietse Venema)
Date: Sat, 21 May 94 16:16:45 MET DST
what are the details on this new bug?
One week ago I received mail from someone who used my agetty program (flexible login front end for SysV and SunOS), after he had discovered that it would pass on usernames that begin with '-'. I wrote the program in the days of SysV.2, when login did not have any command- line switches, so it had never been a problem there. These days, usernames that begin with '-' can wreak havoc with login programs that have options to disable password checking (-r, -f). I posted a note to various news groups with a small context diff for my agetty source that disabled usernames beginning with '-'. In the next couple of days I received reactions from people who were triggered by this problem. It turned out that most network daemons will pass on usernames that begin with '-'. I guess quite a few are having fun now with telnet -l and rlogin -l. Wietse
Current thread:
- Aix rlogind THOMAS P. WALPOLE (May 20)
- Re: Aix rlogind Wietse Venema (May 21)
- <Possible follow-ups>
- Re: Aix rlogind der Mouse (May 21)
- Re: AIX rlogind Jim Thompson (May 22)
- Re: AIX rlogind der Mouse (May 23)
- Re: AIX rlogind Casper Dik (May 24)