Re: wtmp locking problem (was: Re: SOLVED: Erk! Something is *really* wrong here!)
On 6 Mar 1997, Guy Maor wrote:
> Craig Sanders <cas@taz.net.au> writes:
>
> > mgetty and telnet/ssltelnet trigger it because they call login. ssh
> > & wu-ftpd don't trigger it because they don't call login - they do
> > their own thing. is that right?
>
> Correct.
the more i think of it, the more it seems that there's a conflict
between "Set A" and "Set B" login-related programs.
"Set A" includes mgetty, telnet, getty, and other programs which call
/bin/login. "Set B" includes ssh and wu-ftpd and other programs which do
their own wtmp updating.
Using only Set A programs on a system is fine. Using only Set B programs
is fine too.
Using both on the same system will cause the corruption.
i think this is a more accurate summary of what is happening than what i
posted last night.
> > i think we should immediately change the login package so that
> > it doesn't do this - at least until we know for sure how serious
> > a problem it is and until we have time to update all relevant
> > packages.
>
> I was looking for an explanation of this denial of service attack.
> Maybe I'm being obtuse, but I can't figure out how changing the
> location of the flock'd file changes the ability for somebody to lock
> it and prevent other logins. Surely it doesn't only apply if there's a
> world-writable wtmp? That would be silly.
indeed!
craig (30 today - according to my partner i am now officially a decrepit
old geek rather than a young geek :-)
Reply to: