Date: Sun, 05 Mar 2006 11:59:29 +0100 From: Karol Kwiatkowski <freebsd@orchid.homeunix.org> To: Oliver Leitner <Shadow333@gmx.at> Cc: Giorgos Keramidas <keramida@ceid.upatras.gr>, =?ISO-8859-15?Q?K=F6vesd=E1n_G=E1bor?= <gabor.kovesdan@t-hosting.hu>, freebsd-questions@freebsd.org Subject: Re: Where am I? :) Message-ID: <440AC491.8040904@orchid.homeunix.org> In-Reply-To: <440A1795.3030904@gmx.at> References: <4408D4D3.4030102@t-hosting.hu> <440A05B0.6070903@gmx.at> <440A10A5.5060205@t-hosting.hu> <440A1443.3090205@orchid.homeunix.org> <440A1795.3030904@gmx.at>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigD25C6BD020E5722E7EF4846F Content-Type: text/plain; charset=ISO-8859-15 Content-Transfer-Encoding: quoted-printable [format recovered] Oliver Leitner wrote: > Karol Kwiatkowski schrieb: >>> K=F6vesd=E1n G=E1bor wrote: >>> >>>> I don't use any log cleaner, I triggered this accidentally. Please r= ead >>>> the whole thread if you're interested or see this: >>>> http://www.freebsd.org/cgi/query-pr.cgi?pr=3D94060 >>>> >>>> Gabor Kovesdan >>> >>> Looks similar to this: >>> >>> http://lists.freebsd.org/pipermail/freebsd-questions/2004-December/06= 8201.html >>> >>> Regards, >>> >>> Karol >>> >=20 > Well, it could have different reasons then: >=20 > 1. your box has been hacked, and you have a somewhat crippled login or > shell, try to replace that things with clean ones. >=20 > 2. maybe there is something wrong with memory mapping, eventually diag > your ram, or build a new "kernel". >=20 > 3. its just one of those accidently things that happen every 10 years > once... Very unlikely for various reasons: - it wasn't me who reported it back then (my post was basically "me too")= - this is a test machine with one user, no direct connection, no daemons except secured ssh, rebuilding world every other day - the machine was running 5.x back then, now 6.1-PRERELEASE and I can reproduce this; in fact I can do that on 6.0-RELEASE, too: [the same procedure Gabor Kovesdan wrote, only it seems 'login as fake user' step is not needed] % karol@blackacidevil$ ssh -p 722 orchid % Password: % Last login: Sat Mar 4 12:05:43 2006 from blackacidevil.o % [...motd skiped...] % karol@orchid$ uname -sr % FreeBSD 6.0-RELEASE-p2 % karol@orchid$ w % 11:31AM up 11 days, 9:24, 1 user, load averages: 0.29, 0.21, 0.17 % USER TTY FROM LOGIN@ IDLE WHAT % karol p0 blackacidevil.or 11:31AM - w % karol@orchid$ login % login: karol % Last login: Sun Mar 5 11:31:22 from blackacidevil.o % [...motd skiped...] % karol@orchid$ w % 11:32AM up 11 days, 9:25, 1 user, load averages: 0.11, 0.17, 0.16 % USER TTY FROM LOGIN@ IDLE WHAT % karol p0 - 11:32AM - w % karol@orchid$ exit % karol@orchid$ w % 11:32AM up 11 days, 9:25, 0 users, load averages: 0.11, 0.17, 0.16 % USER TTY FROM LOGIN@ IDLE WHAT % karol@orchid$ Here, I disappeared from 'w's output. Root can't see me too: % karol@orchid$ su - % Password: % orchid: Yes, Master? w % 11:35AM up 11 days, 9:28, 0 users, load averages: 0.53, 0.26, 0.19 % USER TTY FROM LOGIN@ IDLE WHAT Here's what last(1) prints: % orchid: Yes, Master? last % karol ttyp0 Sun Mar 5 11:32 - 11:32 (00:00) % karol ttyp0 192.168.1.66 Sun Mar 5 11:31 - 11:32 (00:00) % [...] % orchid: Yes, Master? It seems login(1) simply records "user logged out" the moment he's logged in the second time (sorry, I'm not native English speaker ;) ) The reason I didn't send any PR back then I didn't know if it's a bug or feature. Since there was virtually no response from list I assumed it's not a bug (at least not a serious one) and I just made a personal note: "don't use w(1), who(1), last(1) or /var/log/wtmp". Best regards, Karol --=20 Karol Kwiatkowski <freebsd at orchid dot homeunix dot org> GPGKey: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc --------------enigD25C6BD020E5722E7EF4846F Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2.1 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFECsSZezeoPAwGIYsRAmJNAJ9Wdc4JMb+OQzJbv91UwwdObzwACgCgu8NF KCx0ffkOd4eJjmGjf/jtepk= =LwcF -----END PGP SIGNATURE----- --------------enigD25C6BD020E5722E7EF4846F--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?440AC491.8040904>