OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 4th quarter (Oct-Dec) 1994: Re: login -h

Re: login -h

Michael Bresnahan (guduwinternet.com)
Wed, 7 Dec 94 22:13 CST

I don't think anyone should rely on wtmp for any kind of security.
Whatof rsh?  Its easy enough to do a rsh <host> xterm -ut -display <foo>
and avoid wtmp detection.  The -ut flag tells xterm to not make a 
entry in utmp and it never considers making a wtmp entry.  I suppose
because it never has permissions to.  The rsh server would have to
make the wtmp entry.  Which is odd it doesn't because it does if
envoke a shell with it.  Hmmmm...

MikeB