*BSD News Article 21269


Return to BSD News archive

Path: sserve!newshost.anu.edu.au!munnari.oz.au!news.Hawaii.Edu!ames!elroy.jpl.nasa.gov!swrinde!cs.utexas.edu!uwm.edu!ogicse!netnews.nwnet.net!news.u.washington.edu!stein1.u.washington.edu!micah
From: micah@stein1.u.washington.edu (Micah Anderson)
Newsgroups: comp.unix.bsd
Subject: Major security hole with getty, please help!
Summary: Yikes! How did THAT happen?
Keywords: getty,security,deathtobarny
Message-ID: <27noq0$lb5@news.u.washington.edu>
Date: 21 Sep 93 20:39:28 GMT
Article-I.D.: news.27noq0$lb5
Organization: University of Washington
Lines: 26
NNTP-Posting-Host: stein.u.washington.edu

Ok, here I am... got getty running just fine on my machine, I can call
it up from work and login and everything is cool, almost ready for
public use... Then something quite peculiar happens. I get logged out
due to the dialout modem I was using at work has a timer for
idle-out... So I was disconnected... I then simply call back to log in
again, but WHOA! I didnt get a login, I was instantly connected back
to my tty and got the ---MORE 70%--- prompt at the bottom (I was
reading something, a man page or something) NO login, no password and
NO security.

Does anyone know what is going on here? Does anyone know a potential
fix for this?

On the subject of getty I also noticed (this might offer a clue to the
above) that when I call in utmp is NOT updated. I login and do a 'w'
and find that noone is logged in... hmmm, all the permissions look
right.

-rw-rw-rw-  1 bin            72 Sep 21 08:39 /etc/utmp

and wtmp DOES get updated...

Any clues would be more than appreciated!


micah