From owner-freebsd-bugs@FreeBSD.ORG Sat Mar 4 11:50:06 2006 Return-Path: X-Original-To: freebsd-bugs@hub.freebsd.org Delivered-To: freebsd-bugs@hub.freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 926A916A420 for ; Sat, 4 Mar 2006 11:50:06 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id 03FB143D49 for ; Sat, 4 Mar 2006 11:50:05 +0000 (GMT) (envelope-from gnats@FreeBSD.org) Received: from freefall.freebsd.org (gnats@localhost [127.0.0.1]) by freefall.freebsd.org (8.13.4/8.13.4) with ESMTP id k24Bo53k014648 for ; Sat, 4 Mar 2006 11:50:05 GMT (envelope-from gnats@freefall.freebsd.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.13.4/8.13.4/Submit) id k24Bo5q6014647; Sat, 4 Mar 2006 11:50:05 GMT (envelope-from gnats) Resent-Date: Sat, 4 Mar 2006 11:50:05 GMT Resent-Message-Id: <200603041150.k24Bo5q6014647@freefall.freebsd.org> Resent-From: FreeBSD-gnats-submit@FreeBSD.org (GNATS Filer) Resent-To: freebsd-bugs@FreeBSD.org Resent-Reply-To: FreeBSD-gnats-submit@FreeBSD.org, Gabor Kovesdan Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 87FB416A422 for ; Sat, 4 Mar 2006 11:42:56 +0000 (GMT) (envelope-from tux@server.t-hosting.hu) Received: from server.t-hosting.hu (server.t-hosting.hu [217.20.133.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1A1A943D48 for ; Sat, 4 Mar 2006 11:42:55 +0000 (GMT) (envelope-from tux@server.t-hosting.hu) Received: from localhost (localhost [127.0.0.1]) by server.t-hosting.hu (Postfix) with ESMTP id C62CE9974D5; Sat, 4 Mar 2006 12:42:53 +0100 (CET) Received: from server.t-hosting.hu ([127.0.0.1]) by localhost (server.t-hosting.hu [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 22651-02; Sat, 4 Mar 2006 12:42:50 +0100 (CET) Received: by server.t-hosting.hu (Postfix, from userid 1001) id 609DB997488; Sat, 4 Mar 2006 12:42:50 +0100 (CET) Message-Id: <20060304114250.609DB997488@server.t-hosting.hu> Date: Sat, 4 Mar 2006 12:42:50 +0100 (CET) From: Gabor Kovesdan To: FreeBSD-gnats-submit@FreeBSD.org X-Send-Pr-Version: 3.113 Cc: Gabor Kovesdan Subject: bin/94060: Users can hide themselves with a trick X-BeenThere: freebsd-bugs@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: Gabor Kovesdan List-Id: Bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Mar 2006 11:50:06 -0000 >Number: 94060 >Category: bin >Synopsis: Users can hide themselves with a trick >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sat Mar 04 11:50:05 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Gabor Kovesdan >Release: FreeBSD 5.3-RELEASE-p17 amd64 >Organization: n/a >Environment: >Description: Here, you can see that I logged in via ssh: Last login: Sat Mar 4 12:28:28 2006 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.3-RELEASE-p17 (FREEBSD) #0: Mon Jul 4 20:23:15 CEST 2005 [motd snipped] tux@server$ w 12:28PM up 82 days, 21:53, 2 users, load averages: 0.16, 0.07, 0.02 USER TTY FROM LOGIN@ IDLE WHAT [snip] tux p1 catv-5062e7e3.ca 12:28PM - w As I type w, I can see myself logged in. The system recognizes my host, too. Now, here comes the trick. I run login with any parameter, even a non-existent user. I specify a wrong password and then I log in with my account I used by ssh login. In this case this login name is tux. I don't have to specify my password in this case, of course, because I started login with uid tux. tux@server$ login some_fake_user Password: Login incorrect login: tux Last login: Sat Mar 4 12:28:54 from catv-5062e7e3.c Copyright (c) 1992-2004 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. FreeBSD 5.3-RELEASE-p17 (FREEBSD) #0: Mon Jul 4 20:23:15 CEST 2005 [motd snipped] tux@server$ w 12:29PM up 82 days, 21:53, 2 users, load averages: 0.11, 0.06, 0.02 USER TTY FROM LOGIN@ IDLE WHAT [snip] tux p1 - 12:29PM - w My host has gone away... Now, I type exit, to quit from this new session, but my first session will remain: tux@server$ exit logout tux@server$ w 12:29PM up 82 days, 21:53, 1 user, load averages: 0.10, 0.06, 0.02 USER TTY FROM LOGIN@ IDLE WHAT yare p0 183-61-31.ip.ads 12:03PM 25 - tux@server$ whoami tux tux@server$ who am i tux ttyp1 Mar 4 12:29 tux@server$ Now, I disappeard, and I can do anything. Other users won't see that I even logged in. I don't know whether it's a bug or it's the normal behavior, but I think it should be changed. I don't think it is critical but it might be used for some kind of abusing. I haven't tried it locally, just with ssh, but I suppose it will work locally, too. >How-To-Repeat: Follow the steps above. >Fix: >Release-Note: >Audit-Trail: >Unformatted: