home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.unix.ultrix
- Path: sparky!uunet!munnari.oz.au!bruce.cs.monash.edu.au!monu6!dibbler.cs.monash.edu.au!tym
- From: tym@dibbler.cs.monash.edu.au (Tim MacKenzie)
- Subject: Absurd bug in /bin/login (Ultrix 4.2)
- Message-ID: <1992Aug29.020217.11480@monu6.cc.monash.edu.au>
- Sender: news@monu6.cc.monash.edu.au (Usenet system)
- Organization: Computer Science, Monash University, Australia
- X-Newsreader: Tin 1.1 PL4
- Date: Sat, 29 Aug 1992 02:02:17 GMT
- Lines: 28
-
- There is a problem with /bin/login under Ultrix 4.2 with ENHANCED security
- and local passwd/group/auth. (enhanced may not be necessary, but it does
- _not_ break when passwd info is imported).
-
- This is TOTALLY ABSURD... read on please.
- On one machine, if the sum of the number of lines (possibly blank) in
- ~/.rhosts and /etc/hosts.equiv is >= 58, and if your machine/user combination
- does not appear within the first 57 lines, rlogin will get you in, but without
- groups, utmp, wtmp or motd (and goodness knows what else). [I was quite
- surprised when the login actually appeared in the auditlog].
-
- Examples:
- 58 blank lines in /etc/hosts.equiv, no ~/.rhosts: breaks.
- 57 blank lines in /etc/hosts.equiv, no ~/.rhosts: no break.
- 1 blank line in hosts.equiv, 56 blank + remote host in ~/.rhosts: break.
-
- On another machine, the magic number was 60 (I couldn't do much checking
- as I don't have root access there).
- ARGGGGGHHHHHH!
-
- Does anyone have a drop in replacement for login, etc for Ultrix4.2 with
- enhanced security which is hack for hack compatible? (and possibly minus this
- particular bug).
-
- This is crazy... next thing I'll find that if you have '\0\0\0\0\n' on line
- 1348 of your .rhosts it will give you a root login, just you wait!
- --
- -Tim MacKenzie (tym@dibbler.cs.monash.edu.au)
-
