From owner-freebsd-bugs Sun Dec 22 06:38:59 1996 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id GAA05177 for bugs-outgoing; Sun, 22 Dec 1996 06:38:59 -0800 (PST) Received: (from joerg@localhost) by freefall.freebsd.org (8.8.4/8.8.4) id GAA05158; Sun, 22 Dec 1996 06:38:49 -0800 (PST) Date: Sun, 22 Dec 1996 06:38:49 -0800 (PST) From: Joerg Wunsch Message-Id: <199612221438.GAA05158@freefall.freebsd.org> To: ciaran@aldhfn.aldhfn.org, joerg, freebsd-bugs Subject: Re: bin/2092 Sender: owner-bugs@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Synopsis: rlogind not using passwords State-Changed-From-To: open-feedback State-Changed-By: joerg State-Changed-When: Sun Dec 22 15:10:13 MET 1996 State-Changed-Why: The behaviour described in this PR cannot be seen on any other FreeBSD system around. Please make sure that your sysstem has not been hacked. Try adding some debugging syslog() lines to rlogind, to make sure what's happening. REplace the function do_rlogin() in /usr/src/libexec/rlogind/rlogind.c with: int do_rlogin(dest) struct sockaddr_in *dest; { int rv; getstr(rusername, sizeof(rusername), "remuser too long"); getstr(lusername, sizeof(lusername), "locuser too long"); getstr(term+ENVSIZE, sizeof(term)-ENVSIZE, "Terminal type too long"); pwd = getpwnam(lusername); if (pwd == NULL) return (-1); /* XXX why don't we syslog() failure? */ rv = (iruserok(dest->sin_addr.s_addr, pwd->pw_uid == 0, rusername, lusername)); syslog(LOG_DEBUG, "do_rlogin(): from %s, ruser %s, luser %s, iruserok(): %d", inet_ntoa(dest->sin_addr.s_addr), rusername, lusername, rv); return (rv); } Make sure to catch the syslog output somewhere, prefarably on another host. You might want to make the logging conditional on some username or IP address.