Bugtraq mailing list archives
Re: login -h
From: pwh () bradley bradley edu (Pete Hartman)
Date: Wed, 7 Dec 94 09:43:33 -0600
This bug occurs on several systems, such as DEC OSF/1 V3.0 and Concentrix 2.1. I have tried Solaris 2.3 and SunOS 4.1 which both appear to be safe from this at first glance. (We haven't got a newer SunOS 4.x unfortunately! So I've done no tests on 4.1.3U1.) I expect most other systems are safe too.
While Solaris 2.3 may be immune to this from rlogin, I have had reports that some people have been logging in, and then relogging in with "exec login joeuser -hhostname" to obscure where they are logged in from. This is usually traceable, but could conceivably cause problems too if you rely on knowing where someone is logged in from to build a case against them for cracking activity. And if my sentence was unclear, this *is* under Solaris 2.3.
Current thread:
- login -h Bonfield James (Dec 07)
- Re: login -h Alexander Haiut (Dec 08)
- <Possible follow-ups>
- Re: login -h Pete Hartman (Dec 07)
- Re: login -h Casper Dik (Dec 07)
- Re: login -h Ed Arnold (Dec 07)
- Re: login -h Bogdan Pelc (Dec 08)
- Re: login -h Adam Shostack (Dec 08)
- Re: login -h Bogdan Pelc (Dec 08)
- Re: login -h Michael Bresnahan (Dec 07)
- Re: login -h Robert M. Haas (Dec 08)
- Re: login -h H Morrow Long (Dec 08)
- Re: login -h der Mouse (Dec 08)