[439] in bugtraq
Re: login -h
daemon@ATHENA.MIT.EDU (Robert M. Haas)
Thu Dec 8 16:32:21 1994
To: gudu@winternet.com (Michael Bresnahan)
Cc: pwh@bradley.bradley.edu, bugtraq@fc.net
In-Reply-To: Your message of "Wed, 07 Dec 1994 22:13:00 CST."
<m0rFaE3-000SxfC@icicle.winternet.com>
Date: Thu, 08 Dec 1994 09:20:04 -0800
From: "Robert M. Haas" <rhaas@cygnus.arc.nasa.gov>
> I don't think anyone should rely on wtmp for any kind of security.
> Whatof rsh? Its easy enough to do a rsh <host> xterm -ut -display <foo>
> and avoid wtmp detection. The -ut flag tells xterm to not make a
> entry in utmp and it never considers making a wtmp entry. I suppose
> because it never has permissions to. The rsh server would have to
> make the wtmp entry. Which is odd it doesn't because it does if
> envoke a shell with it. Hmmmm...
rsh does not make a wtmp entry; rlogin does. rsh is a flat link; i.e. you
can't do IOCTL's on the client end and have them propagated across the
link or whatever, it's just a socket connection. rlogin on the other hand
emulates things like IOCTLs and so forth; since you are really "logging
in" to the machine and not just executing a single command, it makes a
wtmp entry.
If given a hostname to connect to, but no specific command to execute,
rsh invokes rlogin. Thus a wtmp entry is created. ...Robert
