Bugtraq mailing list archives
Re: Netscape Admin Servers /tmp/deamonstat
From: Valdis.Kletnieks () VT EDU (Valdis.Kletnieks () VT EDU)
Date: Wed, 18 Jun 1997 04:10:46 -0400
On Wed, 18 Jun 1997 03:02:15 -0000, you said:
************** Corinne Posse Security Notice ************** Issue Number 5: 970717 ************** http://corinne.mac.edu/posse ************** **** Problem with su on HP/UX 9.00 VIA a dumb-terminal **** When the shell calling "su" is killed, the user is logged out, but in-between login prompts, a user can still enter commands as root.
I have to admit that it's 4AM, and I'm not an HP/UX expert, but I suspect the follwoing is happening: When the other sysadmin does a 'kill -9' or whatever of the *parent shell*, this is failing to propagate a SIGHUP to the shell spawned by the su command (which makes sense, as it is probablyin a different process group for job control purposes). The login shell exits, the su-shell keeps running. init notices the login shell exiting, and re-spawns a getty. You then get a getty/login and a su-shell fighting in a race condition for any given line of terminal input. The problem is probably exacerbated by a lack of a revoke() call in HP/UX 9.0, which was designed to close exactly this hole - getty can revoke() on the /dev/tty and be *sure* that no other processes are still reading. (And yes, I *know* about the funky race conditions in many Unixoid kernels that allow a blocked open() to slip past a revoke() call. But revoke() is better than nothing ;) Work-around: Make sure to kill the su-shell first, and THEN the login shell. If this is too hard to remember, create a shell or perl script called 'nuke-admin' ;) Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech
Current thread:
- Re: Core file anomalies under BSDi 3.0, (continued)
- Re: Core file anomalies under BSDi 3.0 Theo de Raadt (Jun 20)
- Re: Core file anomalies under BSDi 3.0 Ariel Biener (Jun 20)
- http://www.news.com/News/Item/0,4,11759,00.html Aleph One (Jun 20)
- Re: http://www.news.com/News/Item/0,4,11759,00.html Raymond Dijkxhoorn (Jun 21)
- Re: Core file anomalies under BSDi 3.0 Stacey Son (Jun 20)
- /cgi-bin/handler - more notes Razvan Dragomirescu (Jun 19)
- Re: Solaris 2.5.1 party piece Doug Hughes (Jun 19)
- Re: Solaris 2.5.1 party piece Bojan Zdrnja (Jun 20)
- Re: Solaris 2.5.1 party piece Joe Gross (Jun 20)
- Re: Netscape Admin Servers /tmp/deamonstat Valdis.Kletnieks () VT EDU (Jun 18)
- Re: your mail J. Joseph Max Katz (Jun 18)
- Re: your mail yeti (Jun 19)
- WE FOUND IT! (fwd) Jason R Mastaler (Jun 18)