Re: SOLVED: Erk! Something is *really* wrong here!
It's a locking problem. From login's changelog:
Version 1.45a (16-Dec-96)
Changed the wtmp locking scheme in login.c,agetty.c,simpleinit.c
to flock() /etc/wtmplock instead of the wtmp file directly.
This avoids a denial of service attack.
Obviously a problem if others are not locking wtmp in the same
fashion. rxvt does logging to wtmp, but strace reveals that it's
locking /var/log/wtmp. init and other getty's are probably locking
the actual wtmp file also.
Does anybody know anything about the denial of service attack? If
serious, we'll have to change at least init, mgetty, rxvt.