From owner-freebsd-questions@FreeBSD.ORG Sun Mar 5 10:59:54 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 8E4D516A420 for ; Sun, 5 Mar 2006 10:59:54 +0000 (GMT) (envelope-from freebsd@orchid.homeunix.org) Received: from orchid.homeunix.org (ave202.neoplus.adsl.tpnet.pl [83.27.38.202]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5744443D4C for ; Sun, 5 Mar 2006 10:59:53 +0000 (GMT) (envelope-from freebsd@orchid.homeunix.org) Received: from [192.168.1.66] (blackacidevil.orchid.homeunix.org [192.168.1.66]) (authenticated bits=0) by orchid.homeunix.org (8.13.4/8.13.4) with ESMTP id k25Axbqg086378 (version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO); Sun, 5 Mar 2006 11:59:43 +0100 (CET) (envelope-from freebsd@orchid.homeunix.org) Message-ID: <440AC491.8040904@orchid.homeunix.org> Date: Sun, 05 Mar 2006 11:59:29 +0100 From: Karol Kwiatkowski User-Agent: Thunderbird 1.5 (X11/20060112) MIME-Version: 1.0 To: Oliver Leitner References: <4408D4D3.4030102@t-hosting.hu> <440A05B0.6070903@gmx.at> <440A10A5.5060205@t-hosting.hu> <440A1443.3090205@orchid.homeunix.org> <440A1795.3030904@gmx.at> In-Reply-To: <440A1795.3030904@gmx.at> X-Enigmail-Version: 0.94.0.0 OpenPGP: id=06E09309; url=http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigD25C6BD020E5722E7EF4846F" X-Virus-Scanned: ClamAV 0.88/1314/Sat Mar 4 14:39:05 2006 on orchid.homeunix.org X-Virus-Status: Clean Cc: Giorgos Keramidas , =?ISO-8859-15?Q?K=F6vesd=E1n_G=E1bor?= , freebsd-questions@freebsd.org Subject: Re: Where am I? :) X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd@orchid.homeunix.org List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 05 Mar 2006 10:59:54 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigD25C6BD020E5722E7EF4846F Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable [format recovered] Oliver Leitner wrote: > Karol Kwiatkowski schrieb: >>> K=F6vesd=E1n G=E1bor wrote: >>> >>>> I don't use any log cleaner, I triggered this accidentally. Please r= ead >>>> the whole thread if you're interested or see this: >>>> http://www.freebsd.org/cgi/query-pr.cgi?pr=3D94060 >>>> >>>> Gabor Kovesdan >>> >>> Looks similar to this: >>> >>> http://lists.freebsd.org/pipermail/freebsd-questions/2004-December/06= 8201.html >>> >>> Regards, >>> >>> Karol >>> >=20 > Well, it could have different reasons then: >=20 > 1. your box has been hacked, and you have a somewhat crippled login or > shell, try to replace that things with clean ones. >=20 > 2. maybe there is something wrong with memory mapping, eventually diag > your ram, or build a new "kernel". >=20 > 3. its just one of those accidently things that happen every 10 years > once... Very unlikely for various reasons: - it wasn't me who reported it back then (my post was basically "me too")= - this is a test machine with one user, no direct connection, no daemons except secured ssh, rebuilding world every other day - the machine was running 5.x back then, now 6.1-PRERELEASE and I can reproduce this; in fact I can do that on 6.0-RELEASE, too: [the same procedure Gabor Kovesdan wrote, only it seems 'login as fake user' step is not needed] % karol@blackacidevil$ ssh -p 722 orchid % Password: % Last login: Sat Mar 4 12:05:43 2006 from blackacidevil.o % [...motd skiped...] % karol@orchid$ uname -sr % FreeBSD 6.0-RELEASE-p2 % karol@orchid$ w % 11:31AM up 11 days, 9:24, 1 user, load averages: 0.29, 0.21, 0.17 % USER TTY FROM LOGIN@ IDLE WHAT % karol p0 blackacidevil.or 11:31AM - w % karol@orchid$ login % login: karol % Last login: Sun Mar 5 11:31:22 from blackacidevil.o % [...motd skiped...] % karol@orchid$ w % 11:32AM up 11 days, 9:25, 1 user, load averages: 0.11, 0.17, 0.16 % USER TTY FROM LOGIN@ IDLE WHAT % karol p0 - 11:32AM - w % karol@orchid$ exit % karol@orchid$ w % 11:32AM up 11 days, 9:25, 0 users, load averages: 0.11, 0.17, 0.16 % USER TTY FROM LOGIN@ IDLE WHAT % karol@orchid$ Here, I disappeared from 'w's output. Root can't see me too: % karol@orchid$ su - % Password: % orchid: Yes, Master? w % 11:35AM up 11 days, 9:28, 0 users, load averages: 0.53, 0.26, 0.19 % USER TTY FROM LOGIN@ IDLE WHAT Here's what last(1) prints: % orchid: Yes, Master? last % karol ttyp0 Sun Mar 5 11:32 - 11:32 (00:00) % karol ttyp0 192.168.1.66 Sun Mar 5 11:31 - 11:32 (00:00) % [...] % orchid: Yes, Master? It seems login(1) simply records "user logged out" the moment he's logged in the second time (sorry, I'm not native English speaker ;) ) The reason I didn't send any PR back then I didn't know if it's a bug or feature. Since there was virtually no response from list I assumed it's not a bug (at least not a serious one) and I just made a personal note: "don't use w(1), who(1), last(1) or /var/log/wtmp". Best regards, Karol --=20 Karol Kwiatkowski GPGKey: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc --------------enigD25C6BD020E5722E7EF4846F Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFECsSZezeoPAwGIYsRAmJNAJ9Wdc4JMb+OQzJbv91UwwdObzwACgCgu8NF KCx0ffkOd4eJjmGjf/jtepk= =LwcF -----END PGP SIGNATURE----- --------------enigD25C6BD020E5722E7EF4846F--