From owner-freebsd-security  Mon Nov 27  4:31:45 2000
Delivered-To: freebsd-security@freebsd.org
Received: from shell.neonsky.net (shell.neonsky.net [63.144.86.194])
	by hub.freebsd.org (Postfix) with ESMTP id 84F1637B479
	for <freebsd-security@FreeBSD.ORG>; Mon, 27 Nov 2000 04:31:42 -0800 (PST)
Received: from pavilion (AC9B87AB.ipt.aol.com [172.155.135.171])
	by shell.neonsky.net (8.11.0/8.9.3) with SMTP id eARCVaR53467
	for <freebsd-security@FreeBSD.ORG>; Mon, 27 Nov 2000 12:31:38 GMT
	(envelope-from mh@neonsky.net)
Message-ID: <028e01c0586d$fb1c7680$0101a8c0@pavilion>
From: "Richard Ward" <mh@neonsky.net>
To: <freebsd-security@FreeBSD.ORG>
Subject: *login
Date: Mon, 27 Nov 2000 07:31:31 -0500
MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_028B_01C05844.0FB95B00"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2615.200
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2615.200
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

This is a multi-part message in MIME format.

------=_NextPart_000_028B_01C05844.0FB95B00
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Hello,
I'm wondering what program would use root to execute 'login -h <some =
weird host> -p". I've noticed every now and then that it would be =
running as root, and as a regular user, you cannot use the -h option. =
What exactly could be going on? I only run telnet and ssh1 as remote =
login daemons. Does telnet or ssh1 require this login command to be =
executed certain times or randomly? I have both telnet and ssh clients =
chmod 700, so a regular user won't be able to remotely login from my =
computer...

Any ideas?
--
Richard Ward
"sleep deprived and caffeine-empowered"

------=_NextPart_000_028B_01C05844.0FB95B00
Content-Type: text/html;
	charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META content=3D"text/html; charset=3Diso-8859-1" =
http-equiv=3DContent-Type>
<META content=3D"MSHTML 5.00.2614.3500" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT face=3DArial size=3D2>Hello,</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>I'm wondering what program would use =
root to=20
execute 'login -h &lt;some weird host&gt; -p". I've noticed every now =
and then=20
that it would be running as root, and as a regular user, you cannot use =
the -h=20
option. What exactly could be going on? I only run telnet and ssh1 as =
remote=20
login daemons. Does telnet or ssh1 require this login command to be =
executed=20
certain times or randomly? I have both telnet and ssh clients chmod 700, =
so a=20
regular user won't be able to remotely login from my =
computer...</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=3DArial size=3D2>Any ideas?</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>--<BR>Richard Ward</FONT></DIV>
<DIV><FONT face=3DArial size=3D2>"sleep deprived and=20
caffeine-empowered"</FONT></DIV></BODY></HTML>

------=_NextPart_000_028B_01C05844.0FB95B00--



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message