[440] in bugtraq
Re: login -h
daemon@ATHENA.MIT.EDU (der Mouse)
Thu Dec 8 17:56:22 1994
Date: Thu, 8 Dec 1994 12:22:42 -0500
From: der Mouse <mouse@Collatz.McRCIM.McGill.EDU>
To: gudu@winternet.com
Cc: bugtraq@fc.net
> I don't think anyone should rely on wtmp for any kind of security.
> What of rsh?
If you're going to be paranoid about security, you should blow away
anything that lets people in unauthenticated, like rsh.
Quite aside from that,
> It's easy enough to do a rsh <host> xterm -ut -display <foo> and avoid
> wtmp detection.
Or more simply, rsh <host> csh -fi, which I have used when for some
reason rlogin didn't work (e.g., out of ptys) and I needed a shell on the
machine to fix things.
> The -ut flag tells xterm to not make an entry in utmp and it never
> considers making a wtmp entry. I suppose because it never has
> permissions to.
xterm is capable of writing a wtmp entry on almost any system on which
it can write utmp entries. (The exceptions are those where (a) xterm
is not setuid-root, (b) utmp is world writable, and (c) wtmp isn't
world writable.)
> The rsh server would have to make the wtmp entry. Which is odd it
> doesn't because it does if you invoke a shell with it. Hmmmm...
Given the current wtmp design, it shouldn't write a wtmp entry because
there's nothing to put in the ut_line field. One could invent
something, I suppose....
der Mouse
mouse@collatz.mcrcim.mcgill.edu
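
An added example, not part of the original message: wtmp logins and logouts are paired by the ut_line field, so a session with no tty leaves nothing to pair and wtmp alone cannot account for it. The sketch assumes the classic 36-byte BSD record layout (ut_line[8], ut_name[8], ut_host[16], 32-bit ut_time, little-endian here) and uses constructed records plus a constructed session list from an assumed independent source (connection logs) to flag sessions wtmp never recorded.

```python
import struct

# Assumed layout: classic BSD struct utmp; byte order is an assumption too.
REC = struct.Struct("<8s8s16si")

def pack(line, name, host, t):
    """Build one record (used only to construct the sample data)."""
    return REC.pack(line.encode(), name.encode(), host.encode(), t)

def parse_wtmp(blob):
    """Yield (line, name, host, time) tuples from raw wtmp bytes."""
    for off in range(0, len(blob) - REC.size + 1, REC.size):
        line, name, host, t = REC.unpack_from(blob, off)
        text = tuple(f.split(b"\0", 1)[0].decode("ascii", "replace")
                     for f in (line, name, host))
        yield text + (t,)

def login_intervals(blob):
    """Pair each login with the next record on the same ut_line
    (a record with an empty ut_name marks the logout)."""
    open_by_line, out = {}, []
    for line, name, host, t in parse_wtmp(blob):
        prev = open_by_line.pop(line, None)
        if prev:
            out.append((prev[0], prev[1], prev[2], t))  # user, host, start, end
        if name:
            open_by_line[line] = (name, host, t)
    out.extend((u, h, s, None) for u, h, s in open_by_line.values())  # still open
    return out

def unaccounted(sessions, blob):
    """Return (user, host, time) sessions that fall inside no wtmp interval."""
    ivs = login_intervals(blob)
    def covered(user, host, t):
        return any(u == user and h == host and s <= t and (e is None or t <= e)
                   for u, h, s, e in ivs)
    return [s for s in sessions if not covered(*s)]

# Constructed sample: alice logs in on ttyp0 and later logs out.
WTMP = pack("ttyp0", "alice", "hostA", 1000) + pack("ttyp0", "", "", 2000)
# Constructed sessions from an independent source (assumed connection logs).
SESSIONS = [("alice", "hostA", 1500),  # explained by the ttyp0 login
            ("bob", "hostB", 1600)]    # no pty, so no ut_line and no wtmp record

if __name__ == "__main__":
    for s in unaccounted(SESSIONS, WTMP):
        print("no wtmp record for", s)
```

The check only shows that some login by the same user and host was open at that time; a tty-less session overlapping a recorded login is still not distinguished by wtmp itself.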