Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 15 Sep 1995 14:18:06 -0600
From:      Nate Williams <nate@rocky.sri.MT.net>
To:        security@Freebsd.org, core@Freebsd.org
Subject:   forwarded message from Grant Haidinyak
Message-ID:  <199509152018.OAA17249@rocky.sri.MT.net>
index | next in thread | raw e-mail 

------- start of forwarded message (RFC 934 encapsulation) -------
[ Quick background.  Grant has been experiencing a bug whereby folks are
re-connected to login which were abruptly dis-connected from a machine.
This is a *HUGE* security hole if it is indeed true. ]

From: Grant Haidinyak <grant@iwv.com>
To: "Nate Williams" <nate@sneezy.sri.com>
Cc: grant@iwv.com
Subject: Re: PTY's reused to quickly 
Date: Fri, 15 Sep 1995 11:32:43 -0700

Nate,

Actually, this one of the early bugs with BSD 4.2. I didn't want to
post an article with a subject "HUGE Security Hole in FreeBSD, Watch
Out!!!!!!". This tends to attract to much attention.

Anywho, here's my environment, and the symptoms I'm seeing.

1) A box running FreeBSD 2.0.5 Release (off the cdrom). This box is
      named "cow"
   a 16 port Boca serial card/box.
   10 Development computers hooked up to the Boca board.
   
2) People rlogin into cow, then tip into one of the development
   systems, do their work, then when they finish, they type ~. to
   exit from the tip session. Unfortunatly, these characters are
   intercepted by the rlogin, which drops the login session before
   the tip session is killed. Then when someone else rlogins, it
   seems like the old pty is selected, instead of a new one, because
   the output of the new session and the old session are
   intermingled and the input seems to alternate between the two
   sessions.

My speculation is that when the rlogin session goes away, it doesn't
clean up the session correctly, which causes the pty to stay active,
then when a new pty needs to be picked for a new rlogin session, the
login task (rlogind) picks the next pty in the line, not knowing
that the session wasn't cleaned up completely.

If you want anymore information, let me know.


grant
------- end -------
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199509152018.OAA17249>