[1332] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

[linux-security] Re: Re: denial of service attack on login

daemon@ATHENA.MIT.EDU (Marek Michalkiewicz)
Wed Nov 27 18:08:11 1996

From: marekm@i17linuxb.ists.pwr.wroc.pl (Marek Michalkiewicz)
To: linux-security@redhat.com
Date: Wed, 27 Nov 1996 21:09:08 +0100 (MET)
Cc: johnsonm@redhat.com
In-Reply-To: <199611270540.XAA32687@sh1.ro.com> from "Chris Adams" at Nov 26, 96 11:40:33 pm
Resent-From: linux-security@redhat.com
Reply-To: linux-security@redhat.com

Chris Adams:
> > 	joe$ nvi /var/log/wtmp
> > 
> > 	[ Now no-one else can log in ]
> 
> This doesn't seem to happen on my system - RedHat 3.0.3 + shadow
> passwords.  My /bin/login comes from shadow-960810-1.  Maybe the
> shadow passowrd suite doesn't try to lock wtmp?

Yes.  It shouldn't be necessary - the O_APPEND open() flag should be
enough to guarantee atomic writes at end of file (it's a kernel bug
if it doesn't).  Original *BSD login sources don't lock wtmp either,
but util-linux does.  Perhaps O_APPEND didn't work right on old
kernels?  Remember util-linux login was ported to Linux 0.12 :-).

Marek


home help back first fref pref prev next nref lref last post