[581] in SIPB_Linux_Development
Re: telnetd/login hole
daemon@ATHENA.MIT.EDU (David Krikorian)
Thu May 26 05:14:18 1994
Date: Thu, 26 May 94 05:14:09 -0400
From: David Krikorian <dkk@MIT.EDU>
To: svalente@MIT.EDU
Cc: linux-dev@MIT.EDU
In-Reply-To: "[580] in SIPB_Linux_Development"
> Well, none of the Linux systems I use were affected by this, but I'm
> curious: does anyone know _exactly_ where the hole was? I guess the
> first question is: what is the "login -f" flag supposed to do?
As I understand it, "login -f username" is like "su username" (for
root) except that it runs the .login, and otherwise acts as a normal
login for username.
I'm somewhat concerned by the consensus that our machines aren't
affected by this security hole. I've only checked on two Linux
systems, both Slackware 1.1, I think, and both were vulnerable. I'm
actually getting quite spoiled by never having to type my password (or
the root password).
BTW, the problem is that /bin/login is allowing you to give, at the
login: prompt, "-fusername" as the username. Note there isn't a space
in there. By requiring a space, I believe the problem (mostly?)
evaporates.
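
Added example, not part of the original message and not taken from any /bin/login source: a check that a program reading a name at a prompt can apply before that name is placed in an argument vector. The option string "f:", the allowed character set, and the names `name_is_acceptable` and `parsed_as_option` are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <unistd.h>

/* Returns 1 if a name typed at a login: prompt may be passed on as an
 * argument: non-empty, not starting with '-', and limited to a
 * conservative character set (the set is an assumption of this example). */
int name_is_acceptable(const char *name)
{
    if (name == NULL || name[0] == '\0' || name[0] == '-')
        return 0;
    for (const char *p = name; *p; p++)
        if (!isalnum((unsigned char)*p) && *p != '_' && *p != '.' && *p != '-')
            return 0;
    return 1;
}

/* Hypothetical stand-in for an option parser. The option string "f:" is
 * an assumption, not copied from a real login. Returns 1 if the single
 * typed string is consumed as an option instead of being left as a name. */
int parsed_as_option(const char *typed)
{
    char prog[] = "login-demo";
    char arg[256];
    char *argv[] = { prog, arg, NULL };
    int seen = 0;

    snprintf(arg, sizeof arg, "%s", typed);
    optind = 1;   /* restart scanning on every call */
    opterr = 0;   /* keep getopt quiet on stderr */
    while (getopt(2, argv, "f:") != -1)
        seen = 1;
    return seen;
}

int main(void)
{
    /* Constructed sample input; "-fusername" is the form quoted above. */
    const char *samples[] = { "alice", "-fusername", "" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-12s option=%d acceptable=%d\n", samples[i],
               parsed_as_option(samples[i]), name_is_acceptable(samples[i]));
    return 0;
}
```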