bin/94060: Users can hide themselves with a trick

Mars G. Miro marsgmiro at gmail.com
Sun Mar 5 23:20:09 PST 2006


The following reply was made to PR bin/94060; it has been noted by GNATS.

From: "Mars G. Miro" <marsgmiro at gmail.com>
To: bug-followup at FreeBSD.org, gabor.kovesdan at t-hosting.hu, 
	keramida at ceid.upatras.gr
Cc:  
Subject: Re: bin/94060: Users can hide themselves with a trick
Date: Mon, 6 Mar 2006 15:16:24 +0800

 Greetz!
 
 This problem can be 100% reproduced if you're using 'sh', or invoking 'sh' =
 if
 you're using another shell, prior to the 'login' trick, at least in all of =
 the
 machines I have tested and on 5.4X and RELENG_6 as of Mar  3 13:57:47 PHT 2=
 006,
 e.g:
 
 In this case, my shell is csh, but this problem does not manifest itself:
 
 mars at mars:~> ssh XXXXXXXX
 OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e-p1 25 Oct 2004
 debug1: Reading configuration data /etc/ssh/ssh_config
 ...
 
 FreeBSD 6.1-PRERELEASE (GENERIC) #0: Fri Mar  3 13:57:47 PHT 2006
 
 Welcome to FreeBSD!
 
 ...
 
 mars at 61XXX:~> finger
 Login            Name                 TTY  Idle  Login  Time   Office  Phon=
 e
 mars             mars                 p0         Mon    14:51
 mars at 61XXX:~> login
 login: mars
 Last login: Mon Mar  6 14:51:36 from XXXX
 
 ...
 
 FreeBSD 6.1-PRERELEASE (GENERIC) #0: Fri Mar  3 13:57:47 PHT 2006
 
 Welcome to FreeBSD!
 
 ...
 
 mars at 61XXX:~> exit
 debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
 logout
 debug1: channel 0: free: client-session, nchannels 1
 Connection to XXXXX closed.
 debug1: Transferred: stdin 0, stdout 0, stderr 34 bytes in 16.9 seconds
 debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 2.0
 debug1: Exit status 0
 
 Here when i 'exit'ed, I got logged off from the remote machine/ssh
 session terminated.
 
 But notice if I spawn an 'sh' shell prior to 'login':
 
 
 mars at mars:~> ssh XXXXXXXX
 OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e-p1 25 Oct 2004
 debug1: Reading configuration data /etc/ssh/ssh_config
 ...
 
 FreeBSD 6.1-PRERELEASE (GENERIC) #0: Fri Mar  3 13:57:47 PHT 2006
 
 Welcome to FreeBSD!
 
 ...
 
 mars at 61XXX:~> sh
 $ login
 login: mars
 Last login: Mon Mar  6 14:51:56 from XXXXX
 Copyright (c) 1992-2006 The FreeBSD Project.
 Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
         The Regents of the University of California. All rights reserved.
 
 FreeBSD 6.1-PRERELEASE (GENERIC) #0: Fri Mar  3 13:57:47 PHT 2006
 
 Welcome to FreeBSD!
 
 ...
 
 mars at 61XXX:~> finger
 Login            Name                 TTY  Idle  Login  Time   Office  Phon=
 e
 mars             mars                 p0         Mon    14:52
 mars at 61XXX:~> w
  2:52PM  up 2 days, 22:30, 1 user, load averages: 0.00, 0.00, 0.00
 USER             TTY      FROM              LOGIN@  IDLE WHAT
 mars             p0       -                 2:52PM     - w
 mars at 61XXX:~> exit
 logout
 $ w
  2:52PM  up 2 days, 22:30, 0 users, load averages: 0.00, 0.00, 0.00
 USER             TTY      FROM              LOGIN@  IDLE WHAT
 $ exit
 mars at 61XXX:~> w
  2:52PM  up 2 days, 22:30, 0 users, load averages: 0.00, 0.00, 0.00
 USER             TTY      FROM              LOGIN@  IDLE WHAT
 
 At the same time, what shows up in /var/log/auth.log:
 
 Mar  6 14:51:53 61XXX sshd[10866]: syslogin_perform_logout: logout()
 returned an error
 
 mars at 61XXX:~> uname -a
 FreeBSD 61XXX.XXXXXXXXXXXXX 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #0:
 Fri Mar  3 13:57:47 PHT 2006   =20
 root at 61XXX.XXXXXXX:/usr/obj/usr/src/sys/GENERIC  amd64
 mars at 61XXX:~> finger
 No one logged on.
 
 
 
 cheers
 mars


More information about the freebsd-bugs mailing list