[427] in bugtraq
Re: login -h
daemon@ATHENA.MIT.EDU (Michael Bresnahan)
Thu Dec 8 00:33:25 1994
Date: Wed, 7 Dec 94 22:13 CST
From: gudu@winternet.com (Michael Bresnahan)
To: pwh@bradley.bradley.edu
Cc: bugtraq@fc.net
I don't think anyone should rely on wtmp for any kind of security.
Whatof rsh? Its easy enough to do a rsh <host> xterm -ut -display <foo>
and avoid wtmp detection. The -ut flag tells xterm to not make a
entry in utmp and it never considers making a wtmp entry. I suppose
because it never has permissions to. The rsh server would have to
make the wtmp entry. Which is odd it doesn't because it does if
envoke a shell with it. Hmmmm...
MikeB
