Date:      Fri, 15 Sep 1995 14:18:06 -0600
From:      Nate Williams <nate@rocky.sri.MT.net>
To:        security@Freebsd.org, core@Freebsd.org
Subject:   forwarded message from Grant Haidinyak
Message-ID:  <199509152018.OAA17249@rocky.sri.MT.net>

------- start of forwarded message (RFC 934 encapsulation) -------
[ Quick background.  Grant has been experiencing a bug whereby folks are
re-connected to login which were abruptly dis-connected from a machine.
This is a *HUGE* security hole if it is indeed true. ]

From: Grant Haidinyak <grant@iwv.com>
To: "Nate Williams" <nate@sneezy.sri.com>
Cc: grant@iwv.com
Subject: Re: PTY's reused to quickly 
Date: Fri, 15 Sep 1995 11:32:43 -0700

Nate,

Actually, this is one of the early bugs with BSD 4.2. I didn't want to
post an article with a subject "HUGE Security Hole in FreeBSD, Watch
Out!!!!!!". This tends to attract too much attention.

Anywho, here's my environment, and the symptoms I'm seeing.

1) A box running FreeBSD 2.0.5 Release (off the cdrom). This box is
      named "cow"
   a 16 port Boca serial card/box.
   10 Development computers hooked up to the Boca board.
   
2) People rlogin into cow, then tip into one of the development
   systems, do their work, then when they finish, they type ~. to
   exit from the tip session. Unfortunately, these characters are
   intercepted by the rlogin, which drops the login session before
   the tip session is killed. Then when someone else rlogins, it
   seems like the old pty is selected, instead of a new one, because
   the output of the new session and the old session are
   intermingled and the input seems to alternate between the two
   sessions.

My speculation is that when the rlogin session goes away, it doesn't
clean up the session correctly, which causes the pty to stay active,
then when a new pty needs to be picked for a new rlogin session, the
login task (rlogind) picks the next pty in the line, not knowing
that the session wasn't cleaned up completely.

If you want any more information, let me know.


grant
------- end -------


