bin/94060: Users can hide themselves with a trick
Mars G. Miro
marsgmiro at gmail.com
Sun Mar 5 23:20:09 PST 2006
The following reply was made to PR bin/94060; it has been noted by GNATS.
From: "Mars G. Miro" <marsgmiro at gmail.com>
To: bug-followup at FreeBSD.org, gabor.kovesdan at t-hosting.hu,
keramida at ceid.upatras.gr
Cc:
Subject: Re: bin/94060: Users can hide themselves with a trick
Date: Mon, 6 Mar 2006 15:16:24 +0800
Greetz!
This problem can be 100% reproduced if you're using 'sh', or invoking 'sh' if
you're using another shell, prior to the 'login' trick, at least in all of the
machines I have tested and on 5.4X and RELENG_6 as of Mar 3 13:57:47 PHT 2006,
e.g:
In this case, my shell is csh, but this problem does not manifest itself:
mars at mars:~> ssh XXXXXXXX
OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e-p1 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
...
FreeBSD 6.1-PRERELEASE (GENERIC) #0: Fri Mar 3 13:57:47 PHT 2006
Welcome to FreeBSD!
...
mars at 61XXX:~> finger
Login Name TTY Idle Login Time Office Phone
mars mars p0 Mon 14:51
mars at 61XXX:~> login
login: mars
Last login: Mon Mar 6 14:51:36 from XXXX
...
FreeBSD 6.1-PRERELEASE (GENERIC) #0: Fri Mar 3 13:57:47 PHT 2006
Welcome to FreeBSD!
...
mars at 61XXX:~> exit
debug1: client_input_channel_req: channel 0 rtype exit-status reply 0
logout
debug1: channel 0: free: client-session, nchannels 1
Connection to XXXXX closed.
debug1: Transferred: stdin 0, stdout 0, stderr 34 bytes in 16.9 seconds
debug1: Bytes per second: stdin 0.0, stdout 0.0, stderr 2.0
debug1: Exit status 0
Here when I 'exit'ed, I got logged off from the remote machine/ssh
session terminated.
But notice if I spawn an 'sh' shell prior to 'login':
mars at mars:~> ssh XXXXXXXX
OpenSSH_3.8.1p1 FreeBSD-20040419, OpenSSL 0.9.7e-p1 25 Oct 2004
debug1: Reading configuration data /etc/ssh/ssh_config
...
FreeBSD 6.1-PRERELEASE (GENERIC) #0: Fri Mar 3 13:57:47 PHT 2006
Welcome to FreeBSD!
...
mars at 61XXX:~> sh
$ login
login: mars
Last login: Mon Mar 6 14:51:56 from XXXXX
Copyright (c) 1992-2006 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 6.1-PRERELEASE (GENERIC) #0: Fri Mar 3 13:57:47 PHT 2006
Welcome to FreeBSD!
...
mars at 61XXX:~> finger
Login Name TTY Idle Login Time Office Phone
mars mars p0 Mon 14:52
mars at 61XXX:~> w
2:52PM up 2 days, 22:30, 1 user, load averages: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE WHAT
mars p0 - 2:52PM - w
mars at 61XXX:~> exit
logout
$ w
2:52PM up 2 days, 22:30, 0 users, load averages: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE WHAT
$ exit
mars at 61XXX:~> w
2:52PM up 2 days, 22:30, 0 users, load averages: 0.00, 0.00, 0.00
USER TTY FROM LOGIN@ IDLE WHAT
At the same time, what shows up in /var/log/auth.log:
Mar 6 14:51:53 61XXX sshd[10866]: syslogin_perform_logout: logout() returned an error
mars at 61XXX:~> uname -a
FreeBSD 61XXX.XXXXXXXXXXXXX 6.1-PRERELEASE FreeBSD 6.1-PRERELEASE #0:
Fri Mar 3 13:57:47 PHT 2006
root at 61XXX.XXXXXXX:/usr/obj/usr/src/sys/GENERIC amd64
mars at 61XXX:~> finger
No one logged on.
cheers
mars
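
A detection sketch for the condition shown in the message above, added here and not part of the original report or of FreeBSD's code: it flags terminals that have live processes but no utmp record, and pulls the sshd logout() failure out of auth.log. The input formats (`ps -axo user,tty,pid,comm`, `who`), the host name and all sample lines are constructed assumptions.

```python
import re

# Constructed sample data modelled on the session in the report (not real output).
# Assumed input formats: `ps -axo user,tty,pid,comm`, `who`, and /var/log/auth.log.
PS_SAMPLE = """\
USER TT    PID COMMAND
root ??    312 sshd
mars ??  10866 sshd
mars p0  10867 csh
mars p0  10901 sh
root v0    640 getty
"""
WHO_SAMPLE = ""  # after the nested login exits, utmp lists nobody
AUTH_SAMPLE = """\
Mar  6 14:51:53 host sshd[10866]: syslogin_perform_logout: logout() returned an error
Mar  6 14:52:10 host sshd[10990]: Accepted publickey for alice from 192.0.2.7 port 50122 ssh2
"""

def norm_tty(name):
    """Reduce 'ttyp0', 'pts/0' and 'p0' style names to one comparable short form."""
    return re.sub(r"^(tty|pts/)", "", name)

def utmp_ttys(who_text):
    """Terminals that have a utmp record, taken from the second column of `who`."""
    rows = (line.split() for line in who_text.splitlines())
    return {norm_tty(f[1]) for f in rows if len(f) >= 2}

def unlisted_sessions(ps_text, who_text, ignore_cmds=("getty",)):
    """Map tty -> [(user, pid, command)] for terminals with processes but no utmp record."""
    listed = utmp_ttys(who_text)
    hidden = {}
    for line in ps_text.splitlines()[1:]:           # skip the header row
        fields = line.strip().split(None, 3)
        if len(fields) < 4:
            continue
        user, tty, pid, cmd = fields
        tty = norm_tty(tty)
        if tty in ("??", "-") or cmd in ignore_cmds or tty in listed:
            continue                                # no tty, idle getty, or properly listed
        hidden.setdefault(tty, []).append((user, int(pid), cmd))
    return hidden

def logout_errors(auth_text):
    """PIDs of sshd processes that logged the logout() failure quoted in the report."""
    pat = re.compile(r"sshd\[(\d+)\]: syslogin_perform_logout: logout\(\)\s+returned an error")
    return [int(m.group(1)) for m in pat.finditer(auth_text)]

if __name__ == "__main__":
    print(unlisted_sessions(PS_SAMPLE, WHO_SAMPLE))
    print(logout_errors(AUTH_SAMPLE))
```
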