secuirty bug with /etc/login.access
Tig
tigger at onemoremonkey.com
Wed Feb 18 17:02:30 PST 2004
/etc/login.access does not work 100% over ssh.
I have the following line in login.access
-:ray:ALL EXCEPT LOCAL
Which I believe means the user 'ray' can not login from anywhere unless
it is a local login.
So, I tested it over ssh from a remote box
tigger at piglet:~% ssh ray at sonic.cbnmediaX.com.au
Password:
Password:
Password:
ray at sonic.cbnmediaX.com.au's password:
Last login: Sat Feb 14 12:29:45 2004 from dsl-38.226.240.
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights
reserved.
FreeBSD 5.2-RELEASE-p2 (SONIC) #1: Sun Feb 8 01:18:08 EST 2004
(I'm 100% sure I typed the password correct each time)
As you can see, I'm denied access each time until the 'ray at sonic...'
option is presented, then I'm allowed in.
I personally think this is a security hole but I'm happy to admit it
could be a configuration issue at my end. Please let me know if its a
problem at my end.
Thanks for your time.
-Tig
More information about the freebsd-security
mailing list