From owner-freebsd-security  Mon Jul 28 12:55:08 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id MAA28129
          for security-outgoing; Mon, 28 Jul 1997 12:55:08 -0700 (PDT)
Received: from netrail.net (netrail.net [205.215.10.3])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA28122
          for <security@freebsd.org>; Mon, 28 Jul 1997 12:55:05 -0700 (PDT)
Received: from localhost (jonz@localhost)
	by netrail.net (8.8.6/8.8.6) with SMTP id PAA12919
	for <security@freebsd.org>; Mon, 28 Jul 1997 15:54:27 GMT
Date: Mon, 28 Jul 1997 15:54:26 +0000 (GMT)
From: "Jonathan A. Zdziarski" <jonz@netrail.net>
To: security@freebsd.org
Subject: security hole in FreeBSD
Message-ID: <Pine.BSF.3.95q.970728155311.12468B-100000@netrail.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

I'm a little paranoid, as somebody hacked our syste about a month ago and
said he would do it again.  Where is the source code for /bin/login?  I've
checked /usr/src, the only thing I find is
/usr/src/contrib/cvs/src/login.c and contrib/opie/libopie/login.c, but
that doesn't seem right.


-------------------------------------------------------------------------
Jonathan A. Zdziarski                                NetRail Incorporated
Server Engineering Manager                    230 Peachtree St. Suite 500
jonz@netrail.net                                        Atlanta, GA 30303
http://www.netrail.net                                    (888) - NETRAIL
-------------------------------------------------------------------------