Re: wtmp locking problem (was: Re: SOLVED: Erk! Something is *really* wrong here!)
Craig Sanders <cas@taz.net.au> writes:
> mgetty and telnet/ssltelnet trigger it because they call login. ssh &
> wu-ftpd don't trigger it because they don't call login - they do their
> own thing. is that right?
Correct.
> i think we should immediately change the login package so that it doesn't
> do this - at least until we know for sure how serious a problem it is and
> until we have time to update all relevant packages.
I was looking for an explanation of this denial of service attack.
Maybe I'm being obtuse, but I can't figure out how changing the
location of the flock'd file changes the ability for somebody to lock
it and prevent other logins. Surely it doesn't only apply if there's
a world-writable wtmp? That would be silly.
Does anybody know of a linux-security archive, or know anything about
this attack? I'll just go ask Peter Orbaek.
Guy
Reply to: