[1906] in bugtraq
/usr/lib/utmp_update musings
daemon@ATHENA.MIT.EDU (Paul Ashton)
Tue May 23 18:26:25 1995
Date: Tue, 23 May 95 21:42 BST
From: paul@argo.demon.co.uk (Paul Ashton)
To: bugtraq@fc.net
As nobody yet seems to have pointed out: it is trivial to change a utmp
slot to show root or anybody in the entry for a slot pointing to ../tmp/x
as the device, as long as you make a symlink in /tmp/x to point to a
validly owned device that responds to a TCGETA ioctl. Surely this
brings a multitude of problems with it (it did get me root with in.comsatd
in a rather far-fetched way)?
Cheers,
Paul
