Re: rlogin can be used to change finger information

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Paul Traina: "Cisco IP packet filtering vulnerablility"
• Previous message: Michael J. Covington: "Re: login can be used to hide from finger under SunOS 4.13u1"
• In reply to: Bonfield James: "rlogin can be used to change finger information"
• Next in thread: Tim Scanlon: "Re: rlogin can be used to change finger information"

>The recent note about hiding from finger reminded me of a problem with rlogin
>on some systems (not SunOS 4 or Solaris 2 it seems).
>
>When the -l -froot flaw was noticed I quickly realised that whilst few systems
>suffered from -froot, more suffered from -hhostname (including OSF/1 V3.0,
>Concentrix 3.0.00).

This is a flaw common to systems that have rlogind do the authentication.
Sun systems use the older method of letting login handle the rlogin
protocol.  If rlogind hadnles the protocol, the username argument
gets passed on the commandline.  If login handles the protocol, the username
can take any shape or form but will only be handled as username.

>On such systems an 'rlogin machine -l -hhostname' will write 'hostname' to the
>last log information rather than your real hostname. This shouldn't pose
>problems to those using the tcp wrappers though (I prefer these to wtmp any
>way as the fields in wtmp are just too short).


Some systems have 256 bytes wtmp entries, that's enough for most hostnames.

Casper

• Next message: Paul Traina: "Cisco IP packet filtering vulnerablility"
• Previous message: Michael J. Covington: "Re: login can be used to hide from finger under SunOS 4.13u1"
• In reply to: Bonfield James: "rlogin can be used to change finger information"
• Next in thread: Tim Scanlon: "Re: rlogin can be used to change finger information"