[format recovered] Oliver Leitner wrote: > Karol Kwiatkowski schrieb: >>> Kövesdán Gábor wrote: >>> >>>> I don't use any log cleaner, I triggered this accidentally. Please read >>>> the whole thread if you're interested or see this: >>>> http://www.freebsd.org/cgi/query-pr.cgi?pr=94060 >>>> >>>> Gabor Kovesdan >>> >>> Looks similar to this: >>> >>> http://lists.freebsd.org/pipermail/freebsd-questions/2004-December/068201.html >>> >>> Regards, >>> >>> Karol >>> > > Well, it could have different reasons then: > > 1. your box has been hacked, and you have a somewhat crippled login or > shell, try to replace that things with clean ones. > > 2. maybe there is something wrong with memory mapping, eventually diag > your ram, or build a new "kernel". > > 3. its just one of those accidently things that happen every 10 years > once...
Very unlikely for various reasons: - it wasn't me who reported it back then (my post was basically "me too") - this is a test machine with one user, no direct connection, no daemons except secured ssh, rebuilding world every other day - the machine was running 5.x back then, now 6.1-PRERELEASE and I can reproduce this; in fact I can do that on 6.0-RELEASE, too: [the same procedure Gabor Kovesdan wrote, only it seems 'login as fake user' step is not needed] % [EMAIL PROTECTED] ssh -p 722 orchid % Password: % Last login: Sat Mar 4 12:05:43 2006 from blackacidevil.o % [...motd skiped...] % [EMAIL PROTECTED] uname -sr % FreeBSD 6.0-RELEASE-p2 % [EMAIL PROTECTED] w % 11:31AM up 11 days, 9:24, 1 user, load averages: 0.29, 0.21, 0.17 % USER TTY FROM LOGIN@ IDLE WHAT % karol p0 blackacidevil.or 11:31AM - w % [EMAIL PROTECTED] login % login: karol % Last login: Sun Mar 5 11:31:22 from blackacidevil.o % [...motd skiped...] % [EMAIL PROTECTED] w % 11:32AM up 11 days, 9:25, 1 user, load averages: 0.11, 0.17, 0.16 % USER TTY FROM LOGIN@ IDLE WHAT % karol p0 - 11:32AM - w % [EMAIL PROTECTED] exit % [EMAIL PROTECTED] w % 11:32AM up 11 days, 9:25, 0 users, load averages: 0.11, 0.17, 0.16 % USER TTY FROM LOGIN@ IDLE WHAT % [EMAIL PROTECTED] Here, I disappeared from 'w's output. Root can't see me too: % [EMAIL PROTECTED] su - % Password: % orchid: Yes, Master? w % 11:35AM up 11 days, 9:28, 0 users, load averages: 0.53, 0.26, 0.19 % USER TTY FROM LOGIN@ IDLE WHAT Here's what last(1) prints: % orchid: Yes, Master? last % karol ttyp0 Sun Mar 5 11:32 - 11:32 (00:00) % karol ttyp0 192.168.1.66 Sun Mar 5 11:31 - 11:32 (00:00) % [...] % orchid: Yes, Master? It seems login(1) simply records "user logged out" the moment he's logged in the second time (sorry, I'm not native English speaker ;) ) The reason I didn't send any PR back then I didn't know if it's a bug or feature. Since there was virtually no response from list I assumed it's not a bug (at least not a serious one) and I just made a personal note: "don't use w(1), who(1), last(1) or /var/log/wtmp". Best regards, Karol -- Karol Kwiatkowski <freebsd at orchid dot homeunix dot org> GPGKey: http://www.orchid.homeunix.org/carlos/gpg/0x06E09309.asc
signature.asc
Description: OpenPGP digital signature
