[1943] in bugtraq
rlogin can be used to change finger information
daemon@ATHENA.MIT.EDU (Bonfield James)
Fri Jun 2 08:19:57 1995
From: Bonfield James <jkb@mrc-lmb.cam.ac.uk>
To: bugtraq@fc.net
Date: Fri, 2 Jun 1995 11:52:36 +0100 (BST)
The recent note about hiding from finger reminded me of a problem with rlogin
on some systems (not SunOS 4 or Solaris 2 it seems).
When the -l -froot flaw was noticed I quickly realised that whilst few systems
suffered from -froot, more suffered from -hhostname (including OSF/1 V3.0,
Concentrix 3.0.00).
On such systems an 'rlogin machine -l -hhostname' will write 'hostname' to the
last log information rather than your real hostname. This shouldn't pose
problems to those using the tcp wrappers though (I prefer these to wtmp any
way as the fields in wtmp are just too short).
James
