[8072] in bugtraq
Re: Solaris non-root login (was: IRIX 6.2 pass...)
daemon@ATHENA.MIT.EDU (Richard Yates SPG)
Tue Sep 29 14:07:23 1998
Date: Tue, 29 Sep 1998 15:13:32 +0100
Reply-To: Richard Yates SPG <R.J.Yates@OPEN.AC.UK>
From: Richard Yates SPG <R.J.Yates@OPEN.AC.UK>
X-To: eugene.bradley@erols.com
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <199809290420.AAA16213@smtp3.erols.com> from "Eugene Bradley" at
Sep 29, 98 00:20:44 am
Eugene Bradley writes:
> On 28 Sep 98, @ 16:14, D.A. Harris <rodmur@ECST.CSUCHICO.EDU> wrote:
> > Actually, something that I think is a bug in IRIX, something that hasn't
> > been fixed in 6.5, is the behavior of login when you specify that root can
> > only login into /dev/console (this can be set in /etc/default/login).
> > Instead of immediately denying someone access when they try to telnet or
> > rlogin as root to a box, it lets you still attempt the password, and only
> > denies you access when you get the password correct. [ ... ]
>
> This login bug also exists on every version of Solaris that I've
> worked with, from 2.3 all the way to 2.6 HW 5/98
> <rant>
> [ ... ]
> </rant>
Solaris 2.3: passwd/wrongpw => chucked off, no msg/Not on system console.
Solaris 2.4: => login incorrect/login incorrect.
Solaris 2.5.1: => Not on system console/Not on system console.
Solaris 2.6:1: => Not on system console/Not on system console.
Various patches all over the place, so you should be able to
get some to suit you. The behaviour seems to be consistently
inconsistently consistent. However, the system takes longer
to chuck you off if you stick in the wrong passwd. I wonder
why? (No, I don't, this is a rhetorical question!).
Richard.
--
The Open University is not responsible for content herein, which may
be incorrect and is used at reader's own risk.
