Re: login -h

Casper Dik (casper@fwi.uva.nl)
Wed, 07 Dec 1994 23:04:50 +0100

>While Solaris 2.3 may be immune to this from rlogin, I have had reports
>that some people have been logging in, and then relogging in with
>"exec login joeuser -hhostname" to obscure where they are logged in from.
>This is usually traceable, but could conceivably cause problems too if
>you rely on knowing where someone is logged in from to build a case against
>them for cracking activity.  And if my sentence was unclear, this *is*
>under Solaris 2.3.


Real simple fix:  chmod 700 /bin/login.

Why's that program set-uid anyway?

It hasn't been set-uid here for a long time and has given us no problems.
(Most logins allow you to hide your fromabouts with "login username".
This clears the ut_host bit of the utmp[x] file.)

Casper
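
An added example, not part of the original post: a small POSIX shell check for the two properties that "chmod 700 /bin/login" removes, namely the set-uid bit and execute permission for anyone other than the owner. The function name audit_login is hypothetical; pass the path of the login binary on the system being audited.

```shell
#!/bin/sh
# Added example (not from the original post): report whether a login
# binary is still set-uid or executable by group/other, i.e. whether an
# ordinary user's "exec login ..." would run it with root privilege.

# audit_login PATH
# Prints one finding per line. Returns 0 if clean, 1 if a finding was
# reported, 2 if PATH is not a regular file.
audit_login() {
    f=$1
    [ -f "$f" ] || { echo "missing: $f"; return 2; }
    found=0
    # -u is true when the set-user-ID bit is set on the file.
    if [ -u "$f" ]; then
        echo "setuid: $f"
        found=1
    fi
    # -H makes find follow a symlink given on the command line, so the
    # target's mode is tested. "-perm -MODE" matches when every bit in
    # MODE is set, so group and other execute are tested separately.
    if [ -n "$(find -H "$f" -prune \( -perm -010 -o -perm -001 \) -print)" ]; then
        echo "group-or-other-exec: $f"
        found=1
    fi
    [ "$found" -eq 0 ] && echo "ok: $f"
    return "$found"
}

# Audit any paths given on the command line, e.g.: sh audit.sh /bin/login
if [ "$#" -gt 0 ]; then
    for p in "$@"; do
        audit_login "$p" || true
    done
fi
```

A file at mode 700 reports "ok"; one at mode 4755 reports both findings.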