Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
Re: login -hMichael Bresnahan (guduwinternet.com)
Wed, 7 Dec 94 22:13 CST
- Messages sorted by: [ date ][ thread ][ subject ][ author ]
- Next message: Michael Shanzer: "new version of fingerd"
- Previous message: Luke Mewburn: "Re: Race conditions"
- Maybe in reply to: Bonfield James: "login -h"
- Next in thread: Robert M. Haas: "Re: login -h"
I don't think anyone should rely on wtmp for any kind of security. Whatof rsh? Its easy enough to do a rsh <host> xterm -ut -display <foo> and avoid wtmp detection. The -ut flag tells xterm to not make a entry in utmp and it never considers making a wtmp entry. I suppose because it never has permissions to. The rsh server would have to make the wtmp entry. Which is odd it doesn't because it does if envoke a shell with it. Hmmmm... MikeB