Return to BSD News archive
Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!elroy.jpl.nasa.gov!swrinde!cs.utexas.edu!uwm.edu!ogicse!netnews.nwnet.net!news.u.washington.edu!stein1.u.washington.edu!micah From: micah@stein1.u.washington.edu (Micah Anderson) Newsgroups: comp.unix.bsd Subject: Major security hole with getty, please help! Summary: Yikes! How did THAT happen? Keywords: getty,security,deathtobarny Message-ID: <27noq0$lb5@news.u.washington.edu> Date: 21 Sep 93 20:39:28 GMT Article-I.D.: news.27noq0$lb5 Organization: University of Washington Lines: 26 NNTP-Posting-Host: stein.u.washington.edu Ok, here I am... got getty running just fine on my machine, I can call it up from work and login and everything is cool, almost ready for public use... Then something quite peculiar happens. I get logged out due to the dialout modem I was using at work has a timer for idle-out... So I was disconnected... I then simply call back to log in again, but WHOA! I didnt get a login, I was instantly connected back to my tty and got the ---MORE 70%--- prompt at the bottom (I was reading something, a man page or something) NO login, no password and NO security. Does anyone know what is going on here? Does anyone know a potential fix for this? On the subject of getty I also noticed (this might offer a clue to the above) that when I call in utmp is NOT updated. I login and do a 'w' and find that noone is logged in... hmmm, all the permissions look right. -rw-rw-rw- 1 bin 72 Sep 21 08:39 /etc/utmp and wtmp DOES get updated... Any clues would be more than appreciated! micah