From owner-freebsd-stable@FreeBSD.ORG  Wed Jul 14 17:05:07 2004
Return-Path: <owner-freebsd-stable@FreeBSD.ORG>
Delivered-To: freebsd-stable@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id BCE5616A4CF
	for <freebsd-stable@freebsd.org>;
	Wed, 14 Jul 2004 17:05:07 +0000 (GMT)
Received: from xraided.net (xraided.net [66.88.26.15])
	by mx1.FreeBSD.org (Postfix) with ESMTP id A618E43D31
	for <freebsd-stable@freebsd.org>;
	Wed, 14 Jul 2004 17:05:02 +0000 (GMT)
	(envelope-from kyle@xraided.net)
Received: from [168.103.174.29] (account kyle HELO kyle)
  by xraided.net (CommuniGate Pro SMTP 4.1.8)
  with ESMTP id 1814062; Wed, 14 Jul 2004 10:05:02 -0700
From: "Kyle Mott" <kyle@xraided.net>
To: "'Doug White'" <dwhite@gumbysoft.com>
Date: Wed, 14 Jul 2004 10:04:56 -0700
Message-ID: <000401c469c4$b0ec5000$150ba8c0@kyle>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.2616
In-Reply-To: <20040713190819.H527@carver.gumbysoft.com>
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Importance: Normal
cc: freebsd-stable@freebsd.org
Subject: RE: Rebuilding wtmp
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: Production branch of FreeBSD source code
	<freebsd-stable.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
	<mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Jul 2004 17:05:07 -0000


Hi Doug, thanks for the reply. I found out all I needed to do was
recompile SSH from ports. It now works just fine. Thanks!


 
 
-Kyle Mott

 

> -----Original Message-----
> From: Doug White [mailto:dwhite@gumbysoft.com]
> Sent: Tuesday, July 13, 2004 7:10 PM
> To: Kyle Mott
> Cc: freebsd-stable@freebsd.org
> Subject: Re: Rebuilding wtmp
> 
> On Mon, 12 Jul 2004, Kyle Mott wrote:
> 
> > Hi, I have several systems that report 'w' and 'who'
wrong/corrupted:
> > root@neo:~# w
> > USER             TTY      FROM              LOGIN@  IDLE WHAT
> > kyle             p0       -                31Dec69     - w
> >
> > Obviously, Dec 31st 1969 is not right:
> > root@neo:~# date
> > Mon Jul 12 11:27:15 PDT 2004
> 
> you might make sure your w/who binary hasn't been fiddled with.
Changes
> like this tend to point to a diagreement among utmp/wtmp writers about
the
> file format.
> 
> I've seen this where w was trojaned to mask certain user logins.
> 
> --
> Doug White                    |  FreeBSD: The Power to Serve
> dwhite@gumbysoft.com          |  www.FreeBSD.org