[580] in SIPB_Linux_Development
Re: telnetd/login hole
daemon@ATHENA.MIT.EDU (Salvatore Valente)
Sun May 22 22:30:30 1994
Date: Sun, 22 May 94 22:30:12 -0400
To: linux-dev@MIT.EDU
In-Reply-To: "[576] in SIPB_Linux_Development"
From: Salvatore Valente <svalente@MIT.EDU>
The original report:
> The problem lies with /bin/login: whenever someone passes the
> -f flag to /bin/login, the user will be logged in without prompting for a
> password.
The original fix:
> It executes /bin/login.prg (the original login program) after removing any
> -f flags from the arguments.
Ted suggests that the fix could be better:
> Note that this isn't a login security hole, but is properly a telnetd
> security hole. The login -f flag is useful, after all....
The second report:
> Basically you can login as root from the console or by telnet without
> a password by typing:
> "login -f root" from the console
Which makes it sound like the "login -f" flag is a bit _more_ useful
than it really should be... :-)
Well, none of the Linux systems I use were affected by this, but I'm
curious: does anyone know _exactly_ where the hole was? I guess the
first question is: what is the "login -f" flag supposed to do?
-Sal.