[1945] in bugtraq


Re: rlogin can be used to change finger information

daemon@ATHENA.MIT.EDU (Casper Dik)
Fri Jun 2 09:47:09 1995

To: Bonfield James <jkb@mrc-lmb.cam.ac.uk>
Cc: bugtraq@fc.net
In-Reply-To: Your message of "Fri, 02 Jun 1995 11:52:36 BST."
             <9506021052.AA16941@alf1.mrc-lmb.cam.ac.uk> 
Date: Fri, 02 Jun 1995 14:20:26 +0200
From: Casper Dik <casper@Holland.Sun.COM>


>The recent note about hiding from finger reminded me of a problem with rlogin
>on some systems (not SunOS 4 or Solaris 2 it seems).
>
>When the -l -froot flaw was noticed I quickly realised that whilst few systems
>suffered from -froot, more suffered from -hhostname (including OSF/1 V3.0,
>Concentrix 3.0.00).

This is a flaw common to systems that have rlogind do the authentication.
Sun systems use the older method of letting login handle the rlogin
protocol.  If rlogind handles the protocol, the username argument
gets passed on the command line.  If login handles the protocol, the username
can take any shape or form but will only be handled as username.

>On such systems an 'rlogin machine -l -hhostname' will write 'hostname' to the
>last log information rather than your real hostname. This shouldn't pose
>problems to those using the tcp wrappers though (I prefer these to wtmp any
>way as the fields in wtmp are just too short).


Some systems have 256-byte wtmp entries; that's enough for most hostnames.

Casper
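
The argument-passing problem described in the message above, as an added example that is not part of the original post or of any vendor's rlogind or login. `model_login` is a simplified, assumed model of a login that scans its options getopt-style, `build_argv` is a hypothetical rlogind-side helper, and the host names are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model (an assumption, not any vendor's login): scan options
 * getopt-style; return the host that would be logged, *user = first operand. */
const char *model_login(int argc, char *argv[], const char **user)
{
    const char *host = NULL;
    int i = 1;
    for (; i < argc && argv[i][0] == '-' && argv[i][1] != '\0'; i++) {
        if (strcmp(argv[i], "--") == 0) { i++; break; } /* end of options */
        if (argv[i][1] != 'h')
            continue;                   /* other flags are ignored here */
        if (argv[i][2] != '\0')
            host = argv[i] + 2;         /* -hHOST: a later -h wins */
        else if (i + 1 < argc)
            host = argv[++i];           /* -h HOST */
    }
    *user = i < argc ? argv[i] : NULL;
    return host;
}

/* Hypothetical rlogind-side helper: build login's argv from the peer host
 * (the daemon's own lookup) and the client-supplied user name. harden=1
 * rejects a leading '-' and inserts "--". Returns argc, or -1 if refused. */
int build_argv(char *host, char *user, int harden, char *argv[])
{
    int n = 0;
    if (harden && (user[0] == '-' || user[0] == '\0'))
        return -1;                      /* name would be read as an option */
    argv[n++] = "login";
    argv[n++] = "-h";
    argv[n++] = host;
    if (harden) argv[n++] = "--";       /* everything after is an operand */
    argv[n++] = user;
    argv[n] = NULL;
    return n;
}

int main(void)
{
    char host[] = "client.example", name[] = "-hspoofed.example"; /* constructed */
    char *argv[8];
    const char *user;
    int n = build_argv(host, name, 0, argv);
    printf("unhardened: logged host = %s\n", model_login(n, argv, &user));
    printf("hardened: build_argv = %d\n", build_argv(host, name, 1, argv));
    return 0;
}
```

The same distinction applies when login speaks the rlogin protocol itself: the user name never crosses an argv boundary, so it cannot be parsed as an option.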
