[2883] in Kerberos-V5-bugs
pty/554: Bug in BSD utmp/wtmp handling
daemon@ATHENA.MIT.EDU (Chris P. Ross)
Tue Mar 3 10:52:16 1998
Resent-From: gnats@rt-11.MIT.EDU (GNATS Management)
Resent-To: hartmans@MIT.EDU
Resent-Reply-To: krb5-bugs@MIT.EDU, cross@va.pubnix.com
Date: Tue, 3 Mar 1998 10:51:24 -0500 (EST)
From: cross@va.pubnix.com (Chris P. Ross)
Reply-To: cross@va.pubnix.com
To: krb5-bugs@MIT.EDU
Cc: cross@va.pubnix.com
>Number: 554
>Category: pty
>Synopsis: telnetd makes bogus utmp/wtmp entries on bsd systems
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: hartmans
>State: open
>Class: sw-bug
>Submitter-Id: unknown
>Arrival-Date: Tue Mar 03 10:52:00 EST 1998
>Last-Modified:
>Originator: Chris P. Ross
>Organization:
UUNET Technologies, Inc.
>Release: krb5-1.0.4
>Environment:
x86 & sparc ; BSD/OS 3.1
System: BSD/OS ballista.va.pubnix.com 3.1 BSDI BSD/OS 3.1 Kernel #5: Fri Nov 21 16:28:46 EST 1997 lidl@pembroke.va.pubnix.com:/export/src/bsdi/sys/compile/DESKTOP i386
>Description:
On a BSD/OS system, or presumedly any BSD based system (where
struct utmp has no ut_type entry), you cannot write the PTY_LOGIN_PROCESS
utmp entries out. If you do, having no ut_type field, it will show up
as the equivalent of a SysV USER_PROCESS type entry, and be reported
erroneously in last(1). It would presumedly also show up in the utmp file
before login writes out the new (correct) record. The latter is a lesser
problem, but still arguably wrong. The extra grot in the wtmp file is a
*big* problem.
>How-To-Repeat:
Compile telnetd on a BSD machine. When you telnet to the machine
you've got the krb5 telnetd configured to run on, last(1) will show:
cross ttyp0 ballista.va.pubnix.com Tue Mar 3 10:38 still logged in
LOGIN ttyp0 ballista.va.pubnix.com Tue Mar 3 10:38 - 10:38 (00:00)
cross ttyp1 falchion.va.pubnix.com Mon Mar 2 23:40 - 23:48 (00:08)
LOGIN ttyp1 falchion.va.pubnix.com Mon Mar 2 23:40 - 23:40 (00:00)
>Fix:
I believe the following patch will retain the functionality on
systems with a ut_type entry, but prevent the bogus utmp/wtmp entries on
systems without it.
Index: src/util/pty/update_utmp.c
===================================================================
RCS file: /export/src/CVS/usr.local/krb5/src/util/pty/update_utmp.c,v
retrieving revision 1.1.1.1
diff -c -r1.1.1.1 update_utmp.c
*** update_utmp.c 1997/12/17 15:15:10 1.1.1.1
--- update_utmp.c 1998/03/03 15:42:53
***************
*** 70,75 ****
--- 70,84 ----
default:
return PTY_UPDATE_UTMP_PROCTYPE_INVALID;
}
+ #else
+ /* If we have no ut_pid, we assume we also have no ut_type.
+ * If we have no ut_type, then don't write things other than
+ * type == USER_PROCESS, since everything in the utmp/wtmp will
+ * show up as a user process if written...
+ */
+ if (process_type != PTY_USER_PROCESS) {
+ return(0);
+ }
#endif /*NO_UT_PID*/
#ifndef NO_UT_HOST
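Review bot: The new #else branch is keyed on NO_UT_PID, while its own comment says the absence of ut_type is only assumed from the absence of ut_pid; a dedicated configure check and macro for ut_type would tie the guard to the field it actually depends on, so a platform with one field but not the other is handled correctly. Separately, `if (process_type != PTY_USER_PROCESS)` skips every non-user type, not only PTY_LOGIN_PROCESS, and `return(0);` reports success to the caller, so the comment should say that the silent skip of all other types is intended.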
>Audit-Trail:
>Unformatted:
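The failure mode described in the report, as an added example that is not part of the original report or of the krb5 source: a simplified model of a BSD-style utmp record with no ut_type, in which a reader in the style of last(1) cannot tell telnetd's placeholder record from a real login. The struct layout, field sizes, enum names and helper functions are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified, constructed model of a BSD-style record: no ut_type, no ut_pid. */
struct bsd_utmp {
    char ut_line[8];
    char ut_name[16];
    char ut_host[16];
    long ut_time;
};

enum ptype { LOGIN_PROCESS_T, USER_PROCESS_T };   /* hypothetical stand-ins */

/* Append a record to an in-memory "wtmp". With filter != 0, apply the rule
 * from the report's patch: only user-process records are written. */
static int append(struct bsd_utmp *log, int n, enum ptype t, int filter,
                  const char *name, const char *line, long when)
{
    if (filter && t != USER_PROCESS_T)
        return n;                          /* nothing written */
    memset(&log[n], 0, sizeof log[n]);
    strncpy(log[n].ut_name, name, sizeof log[n].ut_name - 1);
    strncpy(log[n].ut_line, line, sizeof log[n].ut_line - 1);
    log[n].ut_time = when;
    return n + 1;
}

/* A last(1)-like reader has only ut_name to go on: every record with a
 * non-empty name is reported as a login session. */
static int sessions_reported(const struct bsd_utmp *log, int n)
{
    int i, count = 0;
    for (i = 0; i < n; i++)
        if (log[i].ut_name[0] != '\0')
            count++;
    return count;
}

/* One telnet connection (constructed sample data): telnetd records the pty
 * as LOGIN, then login(1) records the real user on the same line. */
static int simulate(int filter)
{
    struct bsd_utmp log[4];
    int n = 0;
    n = append(log, n, LOGIN_PROCESS_T, filter, "LOGIN", "ttyp0", 1000);
    n = append(log, n, USER_PROCESS_T, filter, "cross", "ttyp0", 1000);
    return sessions_reported(log, n);
}

int main(void)
{
    printf("unfiltered: %d, filtered: %d\n", simulate(0), simulate(1));
    return 0;
}
```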