Ultrix and login:

Sanand Patel sanand at radha.UUCP
Thu Feb 26 07:14:56 AEST 1987


In regards to running login from a non-login shell, I was under
the impression that 'login' should refuse to run if it is not
owned by 'init'. This would be so that you could not threaten the wtmp
entry of a target user.

However, I find that Ultrix 1.2, allows me to run /bin/login from any shell
and thus subvert the wtmp file. Was this not a security hole closed
a long time ago ? Does this happen under 4.2/3 BSD ? I am thinking about
making /bin/login executable only by root -- any comments ?

---
--- utzoo!dciem!radha!sanand
--- seismo!mnetor!radha!sanand
-- 
---
--- seismo!mnetor!radha!sanand
--- utzoo!dciem!radha!sanand
--- 416-293-9722 ext248



More information about the Comp.unix.wizards mailing list