Date:      Fri, 15 Sep 1995 13:24:35 -0700
From:      "Justin T. Gibbs" <gibbs@freefall.FreeBSD.org>
To:        Nate Williams <nate@rocky.sri.MT.net>
Cc:        security@Freebsd.org, core@Freebsd.org
Subject:   Re: forwarded message from Grant Haidinyak 
Message-ID:  <199509152024.NAA24367@aslan.cdrom.com>
In-Reply-To: Your message of "Fri, 15 Sep 1995 14:18:06 MDT." <199509152018.OAA17249@rocky.sri.MT.net> 

I've complained about this behavior many times before, but no one
even acknowledged it as a bug. :(.  I've always seen it by
accidentally killing an xterm running a make world in an su'd shell.
When I pop up another xterm as user gibbs, I see the output from the
make world still... and get some kind of funky mixture of the new shell
and old shell responding to my input.

>------- start of forwarded message (RFC 934 encapsulation) -------
>[ Quick background.  Grant has been experiencing a bug whereby folks are
>re-connected to login which were abruptly dis-connected from a machine.
>This is a *HUGE* security hole if it is indeed true. ]
>
>From: Grant Haidinyak <grant@iwv.com>
>To: "Nate Williams" <nate@sneezy.sri.com>
>Cc: grant@iwv.com
>Subject: Re: PTY's reused to quickly 
>Date: Fri, 15 Sep 1995 11:32:43 -0700
>
>Nate,
>
>Actually, this is one of the early bugs with BSD 4.2. I didn't want to
>post an article with a subject "HUGE Security Hole in FreeBSD, Watch
>Out!!!!!!". This tends to attract too much attention.
>
>Anywho, here's my environment, and the symptoms I'm seeing.
>
>1) A box running FreeBSD 2.0.5 Release (off the cdrom). This box is
>      named "cow"
>   a 16 port Boca serial card/box.
>   10 Development computers hooked up to the Boca board.
>   
>2) People rlogin into cow, then tip into one of the development
>   systems, do their work, then when they finish, they type ~. to
>   exit from the tip session. Unfortunately, these characters are
>   intercepted by the rlogin, which drops the login session before
>   the tip session is killed. Then when someone else rlogins, it
>   seems like the old pty is selected, instead of a new one, because
>   the output of the new session and the old session are
>   intermingled and the input seems to alternate between the two
>   sessions.
>
>My speculation is that when the rlogin session goes away, it doesn't
>clean up the session correctly, which causes the pty to stay active,
>then when a new pty needs to be picked for a new rlogin session, the
>login task (rlogind) picks the next pty in the line, not knowing
>that the session wasn't cleaned up completely.
>
>If you want any more information, let me know.
>
>
>grant
>------- end -------

--
Justin T. Gibbs
===========================================
  Software Developer - Walnut Creek CDROM
  FreeBSD: Turning PCs into workstations
===========================================
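
[Added example, not part of the original message and not FreeBSD code. It reproduces the symptom both reports describe on a current POSIX system, assuming (as Grant speculates) that the old session still holds the pty when a new session is given the same one. The function names and sample strings are constructed for illustration.]

```python
import os
import select
import tty


def read_until_idle(fd, timeout=0.5):
    """Collect everything readable on fd until it stays quiet for `timeout` s."""
    chunks = []
    while select.select([fd], [], [], timeout)[0]:
        data = os.read(fd, 1024)
        if not data:
            break
        chunks.append(data)
    return b"".join(chunks)


def shared_pty_demo():
    """Two sessions on one pty: returns (screen, key_to_old, key_to_new, same_dev)."""
    master, old_slave = os.openpty()
    tty.setraw(old_slave)  # no echo, no line buffering, no NL translation
    # The "new login" is handed the same pty by name while the old
    # session's descriptor is still open (the missing cleanup).
    new_slave = os.open(os.ttyname(old_slave), os.O_RDWR | os.O_NOCTTY)
    try:
        # Output side: both sessions write to the one terminal.
        os.write(old_slave, b"[old] make world output\n")
        os.write(new_slave, b"[new] $ \n")
        os.write(old_slave, b"[old] more output\n")
        screen = read_until_idle(master)

        # Input side: the user types two keys; each session's read() takes
        # whatever is next in the single shared input queue.
        os.write(master, b"ab")
        key_to_old = os.read(old_slave, 1)
        key_to_new = os.read(new_slave, 1)

        # Both descriptors name the same device, which is what a cleanup
        # check before reuse would have to look for.
        same_dev = os.fstat(old_slave).st_rdev == os.fstat(new_slave).st_rdev
        return screen, key_to_old, key_to_new, same_dev
    finally:
        for fd in (new_slave, old_slave, master):
            os.close(fd)


if __name__ == "__main__":
    print(shared_pty_demo())
```

The new user's screen shows the old job's output, and keystrokes meant for the new shell are split with the old session. A login daemon avoids this by making sure no descriptor from the previous session survives before it hands out the pty, for example with revoke(2) on BSD systems.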
