Date: Wed, 14 Jul 1999 20:28:02 -0500 From: "Matthew D. Fuller" <fullermd@futuresouth.com> To: Evren Yurtesen <yurtesen@ispro.net.tr> Cc: John Preisler <john@vapornet.net>, Anil Jangity <aj@entic.net>, "'freebsd-security@freebsd.org '" <freebsd-security@FreeBSD.ORG> Subject: Re: weird w report? Message-ID: <19990714202802.P28335@futuresouth.com> In-Reply-To: <378CDBC2.7EDF748C@ispro.net.tr>; from Evren Yurtesen on Wed, Jul 14, 1999 at 09:49:39PM %2B0300 References: <D57D3E9BF7C1D211884400805F77AC7DFE37E4@sf1-mail01> <Pine.BSF.4.10.9907141056340.12810-100000@shell.entic.net> <14220.54680.327151.509940@habanero.chili-pepper.net> <378CDBC2.7EDF748C@ispro.net.tr>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 14, 1999 at 09:49:39PM +0300, a little birdie told me that Evren Yurtesen remarked > well, how come that can happen if that user does not have a process > running? > and in my previous email I told that the same thing happened to me, > the user who was in w but had no process was myself! > and I am sure that I did not use screen command, also it is not > even installed on my system. I see bogus utmp entries from time to time. Screen seems to be the most obvious culprit, though I think ssh[d] might do something strange if a certain disconnect situation occurs. See the following program (which I've found useful for other things as well). Note the utter lack of error checking, etc. It just works. Compile as: cc -lutil -o utmprem utmprem.c Invoke as: ./utmprem <tty> For instance: ./utmprem ttypj /* * utmprem.c * Remove an entry from utmp * Compile as: * cc -lutil -Wall -o utmprem utmprem.c */ #include <sys/types.h> #include <libutil.h> #include <errno.h> #include <err.h> int main(int argc, char *argv[]) { argv++; if(!(logout(*argv))) err(errno, "Oops"); return(0); } -- Matthew Fuller (MF4839) | fullermd@over-yonder.net Unix Systems Administrator | fullermd@futuresouth.com Specializing in FreeBSD | http://www.over-yonder.net/ FutureSouth Communications | ISPHelp ISP Consulting "The only reason I'm burning my candle at both ends, is because I haven't figured out how to light the middle yet" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990714202802.P28335>