Date: Wed, 14 Jul 1999 20:28:02 -0500 From: "Matthew D. Fuller" <fullermd@futuresouth.com> To: Evren Yurtesen <yurtesen@ispro.net.tr> Cc: John Preisler <john@vapornet.net>, Anil Jangity <aj@entic.net>, "'freebsd-security@freebsd.org '" <freebsd-security@FreeBSD.ORG> Subject: Re: weird w report? Message-ID: <19990714202802.P28335@futuresouth.com> In-Reply-To: <378CDBC2.7EDF748C@ispro.net.tr>; from Evren Yurtesen on Wed, Jul 14, 1999 at 09:49:39PM %2B0300 References: <D57D3E9BF7C1D211884400805F77AC7DFE37E4@sf1-mail01> <Pine.BSF.4.10.9907141056340.12810-100000@shell.entic.net> <14220.54680.327151.509940@habanero.chili-pepper.net> <378CDBC2.7EDF748C@ispro.net.tr>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Jul 14, 1999 at 09:49:39PM +0300, a little birdie told me
that Evren Yurtesen remarked
> well, how come that can happen if that user does not have a process
> running?
> and in my previous email I told that the same thing happened to me,
> the user who was in w but had no process was myself!
> and I am sure that I did not use screen command, also it is not
> even installed on my system.
I see bogus utmp entries from time to time. Screen seems to be the most
obvious culprit, though I think ssh[d] might do something strange if a
certain disconnect situation occurs.
See the following program (which I've found useful for other things as
well). Note the utter lack of error checking, etc. It just works.
Compile as: cc -lutil -o utmprem utmprem.c
Invoke as: ./utmprem <tty>
For instance: ./utmprem ttypj
/*
* utmprem.c
* Remove an entry from utmp
* Compile as:
* cc -lutil -Wall -o utmprem utmprem.c
*/
#include <sys/types.h>
#include <libutil.h>
#include <errno.h>
#include <err.h>
int
main(int argc, char *argv[])
{
argv++;
if(!(logout(*argv)))
err(errno, "Oops");
return(0);
}
--
Matthew Fuller (MF4839) | fullermd@over-yonder.net
Unix Systems Administrator | fullermd@futuresouth.com
Specializing in FreeBSD | http://www.over-yonder.net/
FutureSouth Communications | ISPHelp ISP Consulting
"The only reason I'm burning my candle at both ends, is because I
haven't figured out how to light the middle yet"
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990714202802.P28335>