On 6 Mar 1997, Guy Maor wrote: > Craig Sanders <[EMAIL PROTECTED]> writes: > > > mgetty and telnet/ssltelnet trigger it because they call login. ssh > > & wu-ftpd don't trigger it because they don't call login - they do > > their own thing. is that right? > > Correct.
the more i think of it, the more it seems that there's a conflict between "Set A" and "Set B" login-related programs. "Set A" includes mgetty, telnet, getty, and other programs which call /bin/login. "Set B" includes ssh and wu-ftpd and other programs which do their own wtmp updating. Using only Set A programs on a system is fine. Using only Set B programs is fine too. Using both on the same system will cause the corruption. i think this is a more accurate summary of what is happening than what i posted last night. > > i think we should immediately change the login package so that > > it doesn't do this - at least until we know for sure how serious > > a problem it is and until we have time to update all relevant > > packages. > > I was looking for an explanation of this denial of service attack. > Maybe I'm being obtuse, but I can't figure out how changing the > location of the flock'd file changes the ability for somebody to lock > it and prevent other logins. Surely it doesn't only apply if there's a > world-writable wtmp? That would be silly. indeed! craig (30 today - according to my partner i am now officially a decrepit old geek rather than a young geek :-)
