Re: -froot??? (AIX rlogin bug)

irvdwijk@cs.vu.nl
Mon, 1 Aug 1994 21:16:19 +0200 (MET DST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: G.J.W. Hagenaars: "SunOs bug"
Previous message: Derik Jarne x353-2490: "Re: -froot??? (AIX rlogin bug)"
In reply to: Bill Heiser: "Re: -froot??? (AIX rlogin bug)"
Next in thread: DFRussell: "Re: -froot??? (AIX rlogin bug)"

Someone wrote:
> 
> 
> Baba Z Buehler wrote this:
> > 
> > I run some Linux systems, and I haven't seen the problem in any of the
> > Linux 1.x releases.
> 
I have access to several linux systems, and almost everyone had problems
(when the bug ws first reported)

> 
> Note that "Linux 1.x" refers to the KERNEL patchlevel ... and I doubt
> this has much, if any, effect on the behavior of the RLOGIN daemon.
> 
It has nothing to do with the kernel release, it's a bug in login  (at 
least, that's what I think, login should not accept -fusername without a 
space in between). You could also see it as a bug in programs that execve 
login without checking for a username starting with a '-'

> People running LINUX will need to check their particular
> DISTRIBUTION (i.e. Slackware, Debian, SLS, etc) for any bug 
> they want to investigate.
> 

I haven't really checked, but I heard that the latest Slackware was distributed
with the buggy, extremely insecure vixie cron (of course, together with 
thousands of other security holes in the distribution)

> Re: this particular probelm (rlogin) .. I have been unable to reproduce
> it in Slackware 1.2 systems.

Don't forget that this bug is also in telnetd and getty! (And perhaps even more,
these are the only ones I know of). I don't know if AIX has problems
with getty/telnetd (those bugs are fixed at the AIX machine I have access
to), but linux sure has. For example, 
- Try at the console to login as '-froot'
  (or another user, but if -froot doesn't work, the rest doesn't probably 
  either)
- try:
  $ USER=root
  $ export USER
  $ telnet target -a # automatic login
  (it could also be -l login, or both...)
  Of course, your telnet client should support the -a/-l switch (linux' telnet 
  does)

Also, if -froot doesn't work on your site, check if -fanotherexistingusername
works, root logins are usually denied from ttyp*

> 
> 
> -- 
> Bill Heiser   @Work heiser@ed.ray.com  + + + +  @Home: bill@bhhome.ci.net


	Ivo
-- 
------------------------------------------------------------------------
Name:     Ivo van der Wijk  | It won't give up it wants me dead
Internet: irvdwijk@cs.vu.nl | this goddamn noise inside my head
IRC:      VladDrac          |                                |\|||/| 
URL:	  http://www.hut.nl/users/ivo
------------------------------------------------------------------------

Next message: G.J.W. Hagenaars: "SunOs bug"
Previous message: Derik Jarne x353-2490: "Re: -froot??? (AIX rlogin bug)"
In reply to: Bill Heiser: "Re: -froot??? (AIX rlogin bug)"
Next in thread: DFRussell: "Re: -froot??? (AIX rlogin bug)"