[437] in bugtraq
Re: login -h
daemon@ATHENA.MIT.EDU (H Morrow Long)
Thu Dec 8 15:35:52 1994
Date: Thu, 8 Dec 1994 10:44:42 -0500
From: long-morrow@CS.Yale.EDU (H Morrow Long)
To: casper@fwi.uva.nl
Cc: bugtraq@fc.net
>Real simple fix: chmod 700 /bin/login.
>
>Why's that program set-uid anyway?
>
>It hasn't been set-uid here for a long time and has given us no problems.
>(Most login allow you to hide your fromabouts with "login username".
>This clears the ut_host bit of the utmp[x] file)
>
>Casper
The original login still shows up in the wtmp file though. And I can find
out where (what IP address) you are coming in from by doing a 'netstat -na'.
Doing a 'login username' from the C shell can occassionally be useful,
especially if you are using someone else's workstation or X terminal
and just want to start up a new xterm and login as yourself (yeah I
know you can 'su' or 'telnet localhost'!).
- Morrow
