Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: AIX rlogind

From: peter () gecko dialix oz au (Peter Wemm)
Date: Mon, 23 May 1994 11:11:52 +0800 (WST)

Kevin Johnson writes:
:The rlogind on my machine (a Motorola r32 box) using the shadow 3.3.x
:package does not exhibit the bug.  I'm wondering if it's a composite
:bug between certain implementations of rlogind and login.  I am of the
:opinion that this is an important point to resolve due to the variety
:of alternative implementations of rlogind and login out there...

Yes, it's a composite problem.  The shadow-3.3.X login program makes
all the correct tests. it's not directly the fault of the code in
lmain.c.  However: it makes one basic assumption .. and that is that
processes that are already running as root will not allow users to
specify arguments to the login program (reasonable, I guess).

However, many of the getty and rlogind/telnetd programs that are "out
there" seem to not have the same view.  Some getty/rlogind/telnetd
daemons that I've seen on systems nearby correctly filter out
user-specified arguments beginning with "-".  Ultrix seems to be one.
The ttymon program that's used in SVR4 systems is another.

Weitse (sp?) posted a patch to his "agetty" a few days ago to correct
his version to strip leading "-" arguments.

-Peter

-- 
Peter Wemm <peter () DIALix oz au> - NIC Handle: PW65 - The keeper of "NN"
      "My computer is better than your computer" - Anonymous
  (Overheard, shortly after the creation of the second computer....)
Previous By Date Next
Previous By Thread Next

Current thread: