OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: telnetd/login design cheese-up??
From: Chris Evans (chrisferret.lmh.ox.ac.uk)
Date: Tue Jul 25 2000 - 12:01:18 CDT


On Tue, 25 Jul 2000, Olaf Kirch wrote:

> On Tue, Jul 25, 2000 at 12:24:30AM +0100, Chris Evans wrote:
> > I mean WTF? Surely it is good design to have _one_ program take
> > responsibility for updating these databases. And I'd like that to be
> > "login". login already keeps a root process hanging around to close the
> > PAM session when the user logs out. As far as I'm concerned, telnetd is a
> > conduit between a socket and a pty, not a user login database manager!
>
> Have you tried simply dispabling the code in telnetd? I wouldn't be
> surprised if the utmp entries still went away. As far as I remember
> the whole point of login hanging around and closing the PAM sessions
> is to get rid of stuff like utmp entries. I would guess the code
> in telnetd just never got removed when the move to pam was made.

In a way the code is already "disabled" - when user nobody in a
chroot() tries to modify /var/run/utmp, it doesn't get very far ;-)

Unfortunately, it seems login (or PAM) fails to clear up wtmp and
utmp. "utmpdump" showed up a still logged in entry and last shows a user
"still logged in" which corresponds to the dead telnet session.

I'll look at this ASAP...

Cheers
Chris