Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1996_2

Bugtraq archives for 2nd quarter (Apr-Jun) 1996: /bin/login

/bin/login

Jon Peatfield (J.S.Peatfielddamtp.cam.ac.uk)
Wed, 15 May 1996 21:37:00 BST

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: James W. Abendschan: "Re: TCP SYN probe detection tool available"
Previous message: redeyecompulink.gr: "Re: TCP SYN probe detection tool available"

Just remove the setuid bit on /bin/login and this "problem" goes away.
(Assuming you have already fixed /etc/utmp,wtmp not to be world writable...)

Not a major security hole, just a bug in applications which trust utmp/wtmp.

 -- Jon

Next message: James W. Abendschan: "Re: TCP SYN probe detection tool available"
Previous message: redeyecompulink.gr: "Re: TCP SYN probe detection tool available"