[10295] in bugtraq
Re: bug in ssh allowing to be invisible
daemon@ATHENA.MIT.EDU (Joe Gross)
Wed Apr 21 15:06:05 1999
Date: Tue, 20 Apr 1999 14:22:04 -0500
Reply-To: Joe Gross <jgross@STIMPY.NET>
From: Joe Gross <jgross@STIMPY.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.LNX.4.02.9904191522470.4183-100000@main.lighting.ml.org>;
from Grzegorz Stelmaszek on Mon, Apr 19, 1999 at 03:30:20PM +0200
On Mon, Apr 19, 1999 at 03:30:20PM +0200, Grzegorz Stelmaszek wrote:
>
> I have just discovered that there is a bug in sshd allowing an ordinary user
> to be shown as not logged in while logged in. You should simply ssh to
> remote host and run command "bash". One that's not so good, is that you
> will not have the controlling terminal, but ...

You've been able to do this forever with rsh. It's because when you run
"ssh host bash" you're running a non-interactive non-login shell. Normally
you'd use this procedure to run non-interactive processes remotely but
running a shell is just an easy way of running arbitrary processes
remotely. It's really no different from running "ssh host ls".

You don't get put in the utmp because you're technically not "logging in."
This also isn't really a security vulnerability because this is by design.
Your "bash" process will still show in a ps listing.

Logs are still kept by sshd itself and by process accounting if the admin
has turned it on.
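
The check the reply points to (the process is visible in ps even though no utmp entry exists), as an added example that is not part of the original post: it flags processes started directly by sshd without a controlling terminal and notes whether the owner appears in `who`. The `ps -eo user,pid,ppid,tty,comm` column layout, the per-session sshd child process, and all sample data are assumptions constructed for illustration.

```python
# Constructed sample of `ps -eo user,pid,ppid,tty,comm` output (not from the post).
SAMPLE_PS = """\
USER       PID  PPID TT       COMMAND
root       700     1 ?        sshd
root      1200   700 ?        sshd
alice     1201  1200 ?        sshd
alice     1202  1201 pts/0    bash
root      1300   700 ?        sshd
bob       1301  1300 ?        sshd
bob       1302  1301 ?        bash
bob       1310  1302 ?        sleep
root       800     1 ?        cron
"""

# Constructed sample of `who` output: only alice has a utmp entry.
SAMPLE_WHO = "alice    pts/0        1999-04-20 14:00 (192.0.2.10)\n"

def parse_ps(text):
    """Return {pid: process-dict} from the ps listing, skipping the header."""
    procs = {}
    for line in text.splitlines()[1:]:
        fields = line.split(None, 4)
        if len(fields) != 5:
            continue  # ignore malformed or truncated lines
        user, pid, ppid, tty, comm = fields
        procs[int(pid)] = {"user": user, "pid": int(pid), "ppid": int(ppid),
                           "tty": tty, "comm": comm.strip()}
    return procs

def utmp_users(who_text):
    """Set of user names that have a utmp entry according to `who`."""
    return {line.split()[0] for line in who_text.splitlines() if line.split()}

def find_unlisted_ssh_processes(ps_text, who_text):
    """List (user, pid, comm, in_utmp) for non-sshd children of sshd with no tty."""
    procs = parse_ps(ps_text)
    listed = utmp_users(who_text)
    hits = []
    for p in procs.values():
        parent = procs.get(p["ppid"])
        if (p["comm"] != "sshd" and p["tty"] == "?"
                and parent is not None and parent["comm"] == "sshd"):
            hits.append((p["user"], p["pid"], p["comm"], p["user"] in listed))
    return sorted(hits, key=lambda h: h[1])

if __name__ == "__main__":
    for user, pid, comm, in_utmp in find_unlisted_ssh_processes(SAMPLE_PS, SAMPLE_WHO):
        print(f"{user} pid={pid} comm={comm} no tty, in utmp: {in_utmp}")
```

On a live host the two strings would come from the real `ps` and `who` commands; hits are expected for legitimate remote commands too, so the result is best correlated with the sshd log entries the reply mentions.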