From owner-freebsd-stable Mon Aug 20 21: 0:49 2001 Delivered-To: freebsd-stable@freebsd.org Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80]) by hub.freebsd.org (Postfix) with ESMTP id 0A91B37B403 for ; Mon, 20 Aug 2001 21:00:46 -0700 (PDT) (envelope-from eugen@svzserv.kemerovo.su) Received: from svzserv.kemerovo.su (kost [213.184.65.82]) by www.svzserv.kemerovo.su (8.9.3/8.9.3) with ESMTP id MAA61241; Tue, 21 Aug 2001 12:00:34 +0800 (KRAST) (envelope-from eugen@svzserv.kemerovo.su) Message-ID: <3B81DCE0.FA04FA74@svzserv.kemerovo.su> Date: Tue, 21 Aug 2001 12:00:32 +0800 From: Eugene Grosbein Organization: SVZServ X-Mailer: Mozilla 4.76 [en] (Win95; U) X-Accept-Language: ru,en MIME-Version: 1.0 To: Tom Cc: stable@FreeBSD.ORG Subject: Re: stale entries in utmp (security issue?) References: Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG > > 4. Now you are root but command 'w' does not say so (security?) > > 5. type 'logout' > > 6. Now command 'w' says user 'username' is still logged but it has no > > processes. > > Since the root user can just delete the utmp file, there is not too much > to be done about this. Some UNIX systems have gone to a utmp API and an > utmp server to maintain the logged in user state better. How can root fix utmp safely without touching other working users? Eugene Grosbein To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message