Re: wtmp locking problem (was: Re: SOLVED: Erk! Something is really wrong here!)

To: debian-devel@lists.debian.org
Subject: Re: wtmp locking problem (was: Re: SOLVED: Erk! Something is *really* wrong here!)
From: Guy Maor <maor@ece.utexas.edu>
Date: 06 Mar 1997 10:48:27 -0600
Message-id: <[🔎] 87wwrlezkg.fsf@slip-64-2.ots.utexas.edu>
In-reply-to: Craig Sanders's message of Fri, 7 Mar 1997 02:57:37 +1100 (EST)
References: <Pine.LNX.3.95q.970307021552.10591D-100000@siva.taz.net.au>

Craig Sanders <cas@taz.net.au> writes:

> mgetty and telnet/ssltelnet trigger it because they call login. ssh &
> wu-ftpd don't trigger it because they don't call login - they do their
> own thing. is that right?

Correct.

> i think we should immediately change the login package so that it doesn't
> do this - at least until we know for sure how serious a problem it is and
> until we have time to update all relevant packages.

I was looking for an explanation of this denial of service attack.
Maybe I'm being obtuse, but I can't figure out how changing the
location of the flock'd file changes the ability for somebody to lock
it and prevent other logins.  Surely it doesn't only apply if there's
a world-writable wtmp?  That would be silly.

Does anybody know of a linux-security archive, or know anything about
this attack?  I'll just go ask Peter Orbaek.

Guy

Reply to:

Follow-Ups:
- Re: wtmp locking problem
  - From: kai@khms.westfalen.de (Kai Henningsen)

Prev by Date: Re: SysV init scripts
Next by Date: Re: Enhancements to the bug system
Previous by thread: Re: Bug#7851: exim: Documentation provided two times in /usr/doc/exim
Next by thread: Re: wtmp locking problem
Index(es):
- Date
- Thread

Re: wtmp locking problem (was: Re: SOLVED: Erk! Something is *really* wrong here!)

Re: wtmp locking problem (was: Re: SOLVED: Erk! Something is really wrong here!)