Bugtraq mailing list archives

Re: login -h

From: casper () fwi uva nl (Casper Dik)
Date: Wed, 07 Dec 1994 23:04:50 +0100

While Solaris 2.3 may be immune to this from rlogin, I have had reports
that some people have been logging in, and then relogging in with
"exec login joeuser -hhostname" to obscure where they are logged in from.
This is usually traceable, but could conceivably cause problems too if
you rely on knowing where someone is logged in from to build a case against
them for cracking activity.  And if my sentence was unclear, this *is*
under Solaris 2.3.



Real simple fix:  chmod 700 /bin/login.

Why's that program set-uid anyway?

It hasn't been set-uid here for a long time and has given us no problems.
(Most login allow you to hide your fromabouts with "login username".
This clears the ut_host bit of the utmp[x] file)

Casper

Current thread:

login -h Bonfield James (Dec 07)
- Re: login -h Alexander Haiut (Dec 08)
- <Possible follow-ups>
- Re: login -h Pete Hartman (Dec 07)
  - Re: login -h Casper Dik (Dec 07)
- Re: login -h Ed Arnold (Dec 07)
  - Re: login -h Bogdan Pelc (Dec 08)
    - Re: login -h Adam Shostack (Dec 08)
- Re: login -h Michael Bresnahan (Dec 07)
  - Re: login -h Robert M. Haas (Dec 08)
- Re: login -h H Morrow Long (Dec 08)
- Re: login -h der Mouse (Dec 08)