Date: Wed, 30 Jun 1999 02:19:08 +0200 From: Pierre Beyssac <pb@fasterix.freenix.org> To: "N.N.M" <madrapour@hotmail.com>, freebsd-security@FreeBSD.ORG Subject: Re: A strange process Message-ID: <19990630021908.A20109@fasterix.frmug.fr.net> In-Reply-To: <19990629130132.96757.qmail@hotmail.com>; from N.N.M on Tue, Jun 29, 1999 at 06:01:32AM -0700 References: <19990629130132.96757.qmail@hotmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Jun 29, 1999 at 06:01:32AM -0700, N.N.M wrote:
> Any knows what the following process can mean?
>
> login -p zzzzzzzz
Looks like a login process exec'd by getty. getty reads the username
itself, then starts login with option -p. Subsequent password:/login:
prompts are then handled by login until it quits.
telnetd does more or less the same but adds a "-h remotehostname",
so it doesn't look like a remote attack.
If it's indeed exec'd from getty, its parent pid should be 1 (init)
and it should be attached to some tty on the machine for which a
getty is spawned by /etc/ttys. As already answered, it's probably
a stuck key.
It might be started by something else, but I'm out of imagination
now.
If it's not started by anything familiar, then you can start
worrying.
--
Pierre Beyssac pb@fasterix.frmug.org pb@fasterix.freenix.org
{Free,Net,Open}BSD, Linux : il y a moins bien, mais c'est plus cher
Free domains: http://www.eu.org/ or mail dns-manager@EU.org
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990630021908.A20109>