[420] in bugtraq
Re: login -h
daemon@ATHENA.MIT.EDU (Casper Dik)
Wed Dec 7 19:54:42 1994
To: Pete Hartman <pwh@bradley.bradley.edu>
Cc: bugtraq@fc.net
In-Reply-To: Your message of "Wed, 07 Dec 1994 09:43:33 CST."
<9412071543.AA06940@bradley.bradley.edu>
Date: Wed, 07 Dec 1994 23:04:50 +0100
From: Casper Dik <casper@fwi.uva.nl>

>While Solaris 2.3 may be immune to this from rlogin, I have had reports
>that some people have been logging in, and then relogging in with
>"exec login joeuser -hhostname" to obscure where they are logged in from.
>This is usually traceable, but could conceivably cause problems too if
>you rely on knowing where someone is logged in from to build a case against
>them for cracking activity. And if my sentence was unclear, this *is*
>under Solaris 2.3.

Real simple fix: chmod 700 /bin/login.
Why's that program set-uid anyway?
It hasn't been set-uid here for a long time and has given us no problems.
(Most logins allow you to hide your fromabouts with "login username".
This clears the ut_host bit of the utmp[x] file)

Casper
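
The cleared ut_host field mentioned in the message above can be looked for directly in utmp records; the following is an added example, not part of the original post, that flags pseudo-terminal sessions with an empty host. It assumes the Linux glibc 384-byte utmp layout (Solaris utmpx differs), the function names and sample records are constructed for illustration, and it cannot detect a host value replaced via -h.

```python
import struct

# ASSUMPTION: Linux glibc utmp record layout (384 bytes); Solaris utmpx differs.
# Fields: ut_type, ut_pid, ut_line, ut_id, ut_user, ut_host, exit status (2),
# session, tv_sec, tv_usec, addr_v6 (4), unused.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
USER_PROCESS = 7  # ut_type of a logged-in session
DEAD_PROCESS = 8  # ut_type of a terminated session

def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")

def parse_utmp(blob):
    """Yield (type, pid, line, user, host) per complete record; a short tail is skipped."""
    for off in range(0, len(blob) - UTMP.size + 1, UTMP.size):
        f = UTMP.unpack_from(blob, off)
        yield f[0], f[1], _text(f[2]), _text(f[4]), _text(f[5])

def hostless_pty_sessions(blob):
    """Return (user, line, pid) for live pty sessions whose ut_host is empty.

    Heuristic only: a network login normally records its origin in ut_host,
    so an empty value on a pty is worth correlating with other logs. Console
    and serial lines are ignored because an empty host is normal there.
    """
    return [(user, line, pid)
            for typ, pid, line, user, host in parse_utmp(blob)
            if typ == USER_PROCESS
            and line.startswith(("pts/", "ttyp"))
            and not host]

def make_record(ut_type, pid, line, user, host):
    """Build one utmp record (used only to construct the sample below)."""
    return UTMP.pack(ut_type, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, 0, 0, 0, 0, 0, 0, b"")

# Constructed sample data, not taken from any real system.
SAMPLE = b"".join([
    make_record(USER_PROCESS, 101, "pts/0", "alice", "gw.example.org"),
    make_record(USER_PROCESS, 202, "pts/1", "joeuser", ""),   # host cleared
    make_record(USER_PROCESS, 303, "console", "root", ""),    # local, expected
    make_record(DEAD_PROCESS, 404, "pts/2", "", ""),          # ended session
])

if __name__ == "__main__":
    for user, line, pid in hostless_pty_sessions(SAMPLE):
        print(f"{user} on {line} (pid {pid}): ut_host is empty")
```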