Newsgroups: comp.unix.bsd
Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!elroy.jpl.nasa.gov!decwrl!netcomsv!netcom.com!netcomsv!resonex!michael
From: michael@resonex.com (Michael Bryan)
Subject: Re: Major security hole with getty, please help!
Message-ID: <1993Sep22.163651.19550@resonex.com>
Keywords: getty,security,deathtobarny
Organization: Resonex Inc., Fremont CA
References: <27noq0$lb5@news.u.washington.edu>
Date: Wed, 22 Sep 1993 16:36:51 GMT
Lines: 31

In article <27noq0$lb5@news.u.washington.edu> micah@stein1.u.washington.edu (Micah Anderson) writes:
>idle-out... So I was disconnected... I then simply call back to log in
>again, but WHOA! I didn't get a login, I was instantly connected back
>to my tty

Another reply includes the information to correct this one (making
sure your modem and system are configured properly to allow a dropped
carrier to cause SIGHUP to be delivered to all of your processes.)

>On the subject of getty I also noticed (this might offer a clue to the
>above) that when I call in utmp is NOT updated. I login and do a 'w'
>and find that no one is logged in... hmmm, all the permissions look
>right.
>
>-rw-rw-rw- 1 bin 72 Sep 21 08:39 /etc/utmp
>
>and wtmp DOES get updated...

Unless your flavor of Unix has some odd peculiarities in this regard,
the permissions on /etc/utmp and /etc/wtmp should be -rw-r--r--, so
that general users will not be able to update the files. (When login
runs, it starts out as "root", and should update these files before
switching to your login uid.) It's not a major issue unless you're
concerned about the security aspects of having these records modified.
And it doesn't explain why utmp isn't updated in the first place.

--
Michael Bryan  michael@resonex.com  +1 510 249 9600 Ext 325
Resonex, Inc.            ____                              ____
47911 Westinghouse Dr.   \  /  B3/4 f t- w c g++ k+ s+     \  /
Fremont, CA 94539         \/   Hate is not a family value.  \/
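
The permission check described in the reply above, as an added example that is not part of the original post: a POSIX shell audit that flags login-record files carrying a group- or other-write bit, measured against the -rw-r--r-- mode the post recommends. The function names are hypothetical, and the paths to check are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original post): audit login-record files for
# write bits that would let ordinary users alter them.
# Baseline is the mode the post recommends: -rw-r--r-- (0644).

# mode_is_safe FILE (hypothetical helper)
#   returns 0 if FILE has no group- or other-write bit,
#           1 if either bit is set,
#           2 if FILE is missing or not a regular file.
mode_is_safe() {
    [ -f "$1" ] || return 2
    # -H follows a symlink given on the command line, so the target's mode is
    # tested; "-perm -MODE" matches when all bits in MODE are set.
    if [ -n "$(find -H "$1" -prune \( -perm -0002 -o -perm -0020 \) -print)" ]; then
        return 1
    fi
    return 0
}

# audit_login_records FILE... (hypothetical helper)
#   prints one line per file; returns 1 if any file is writable by non-owners.
audit_login_records() {
    bad=0
    for f in "$@"; do
        rc=0
        mode_is_safe "$f" || rc=$?
        case $rc in
            0) echo "ok       $f" ;;
            1) echo "WRITABLE $f (group/other write bit set, expected -rw-r--r--)"
               bad=1 ;;
            *) echo "skipped  $f (not a regular file)" ;;
        esac
    done
    return "$bad"
}

# Run only when paths are supplied, e.g.: sh audit.sh /etc/utmp /etc/wtmp
if [ "$#" -gt 0 ]; then
    audit_login_records "$@"
fi
```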