Casper Dik <casper@Holland.Sun.COM> wrote: |This is a flaw common to systems that have rlogind do the authentication. |Sun systems use the older method of letting login handle the rlogin |protocol. If rlogind hadnles the protocol, the username argument |gets passed on the commandline. |If login handles the protocol, the username |can take any shape or form but will only be handled as username. Some OS's also have another problem with this. You can also really do rather ugly things to the display listing of "who" and "last" via this bug. I have tested this on OSF 1 V3.2 17 alpha, and NeXTSTEP 3.0-3.3. I imagine that other OS's have a problem with it too. Basicly, you "rlogin hostname -l -h^H^H^H^H^H^H" with as many ctrl-H's as the OS will accept. (You get the backspaces by a ctrl-V ctrl-H sequence) The result is intresting. On OSF "who" get's totaly munged up. I belive DEC may have a patch for it now, (as 2 days after I tested this localy, it was suddenly "fixed"... :O ) On NeXT's, it's less of a mess, but not by much. Here is a sample session: vampire:10> rlogin vampire -l -h^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H^H login: tfs Password: Last login: Fri Jun 2 22:34:11 from vampire:1> who tfs console Jun 2 04:19 tfs ttyp1 Jun 2 04:22 tfs ttyp2 Jun 2 04:22 tfs ttyp3 Jun 2 04:22 courtney ttyp4 Jun 2 22:27 (hostname.deleted) tfs ttyp8 Jun 2 19:03 tfs ttyp9 )un 2 22:35 ( vampire:2> last|more tfs Fri Jun 2 22:35 still logged in tfs Fri Jun 2 22:34 - 22:34 (00:00) courtney ttyp4 hostname.deleted Fri Jun 2 22:27 still logged in vampire:5> rusers -l tfs vampire:console Jun 2 04:19 38:40 courtney vampire:ttyp4 Jun 2 22:27 21 (hostname.deleted) tfs vampire:ttyp9 Jun 2)22:35 ( vampire:11> rsh vampire Last login: Fri Jun 2 22:35:58 from vampire:1> You can see the result. OSF was far worse, with large chunks of "who" and the rest not dispalyed.... Obviously it's not that huge a deal, but it provides some intresting results from a security/bug perspective... Tim Scanlon ________________________________________________________________ tfs@vampire.science.gmu.edu (NeXTmail, MIME) Tim Scanlon George Mason University (PGP key avail.) Public Affairs I speak for myself, but often claim demonic possession