Date: Mon, 20 Aug 2001 20:40:37 -0700 (PDT) From: Tom <tom@uniserve.com> To: Eugene Grosbein <eugen@svzserv.kemerovo.su> Cc: stable@freebsd.org Subject: Re: stale entries in utmp (security issue?) Message-ID: <Pine.BSF.4.10.10108202039170.62960-100000@athena.uniserve.ca> In-Reply-To: <3B81D71B.B099197F@svzserv.kemerovo.su>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 21 Aug 2001, Eugene Grosbein wrote: > Hi! > > 1. login as root > 2. type 'login -f username' when username is valid name of user that is > not logged now > 3. type 'logout' > 4. Now you are root but command 'w' does not say so (security?) > 5. type 'logout' > 6. Now command 'w' says user 'username' is still logged but it has no > processes. Since the root user can just delete the utmp file, there is not too much to be done about this. Some UNIX systems have gone to a utmp API and an utmp server to maintain the logged in user state better. Tom To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10108202039170.62960-100000>