[253] in Zephyr_Bugs
[john@ATHENA.MIT.EDU: Recipient in zephyr subscriptions]
daemon@ATHENA.MIT.EDU (Jonathan I. Kamens)
Mon Feb 25 05:54:15 1991
Date: Mon, 25 Feb 91 05:53:52 -0500
From: "Jonathan I. Kamens" <jik@pit-manager.MIT.EDU>
To: bug-zephyr@ATHENA.MIT.EDU, bug-dialup@ATHENA.MIT.EDU
Can anybody explain this? According to the wtmp logs on e40-008-6
(which is where john was logged in), the last time "kcyu" was logged
in was at around 11PM on February 21. Is it possible that a zwgc
process of his was still sitting around on the morning of the 24th?
If not, how else could message to kcyu be sent to john?
Is there a real security problem here, or just a fluke?
----- Forwarded message
From: john@ATHENA.MIT.EDU
To: jik@ATHENA.MIT.EDU
Cc: sethf@ATHENA.MIT.EDU
Subject: Recipient in zephyr subscriptions
Date: Sun, 24 Feb 91 01:45:21 EST
Dear jik
When I logged in just now over dialup, I got a number of Server Not
Acknowledged (or whatever) messages while zwgc was trying to subscribe.
I typed my command that returns all my subscriptions except those to class
login and filsrv, and got the following:
Class operations Instance message Recipient *
Class message Instance personal Recipient kcyu@ATHENA.MIT.EDU
kcyu is a real user. As far as I can tell, he is not logged in. I tried
sending messages to myself, but I couldn't --- "not logged in," etc. I tried
sending zephyr messages to kcyu. I received them myself, as "forged."
I spoke with sethf about it. He apparently received my zwrites as authentic.
/mit/john/[logfile zstat.log] contain the results of a "script" I tried
(with the script command) and the output to a zstat that he suggested I run.
/mit/bitbucket/sethf/john contains a script that he ran. Unfortunately my
script didn't contain the zwrites that appeared on my screen.
I'm sending this to you rather than the standard channels partly because I
still bristle at the way you put me down when I suggested the possibility
of subscribing to another user as a recipient. I don't know how it happened,
and I didn't do anything myself, but it happened. And I would really like
to know how. Seth is just as puzzled, I think.
John
----- End of forwarded message
