Re: Disable Login

From: Lawrence Sica (lomifeh@earthlink.net)
Date: 06/19/02


Date: Tue, 18 Jun 2002 18:33:43 -0700
From: Lawrence Sica <lomifeh@earthlink.net>
To: Fernando Gleiser <fgleiser@cactus.fi.uba.ar>

Fernando Gleiser wrote:
> On Tue, 18 Jun 2002, Alex Michlin wrote:
>
>
>>I remember seeing a FreeBSD advisory on a bug in login. Now, for the
>>real story... What is behind this is: I just downloaded the latest Saint
>>version and ran it against a server. It said there login was vunerable.
>>I'm not sure how it knows if there is a bug or just information (but it is
>>listed under the critical section).
>
>
> saint checks wheter the login *service* (512/tcp, a.k.a rlogin) is runing,
> it doesn't check for vulnerabilities in the login *program* (/usr/bin/login)
>
> rlogin is insecure because it sends everyting in cleartext and may be
> vulnerable to ip spoofing if you use .rhosts for authentication.
> Just coment it out in inetd.conf and use ssh instead.
>
>
> Fer
>
>
>>Thanks again,
>>
>>Alex
>>
>>On Tue, 18 Jun 2002, Eric F Crist wrote:
>>
>>
>>>What kind of a bug in login are you seeing? If you completely disable
>>>the login utility, you would not be able to logon locally, which could
>>>make an upgrade difficult. If you simply want to disable logon for
>>>specific users, simply set their shell to /etc/nologin or some other
>>>non-existent file/shell.
>>>
>>>HTH
>>>
>>>Eric F Crist
>>>President/Sys Admin
>>>AdTech Integrated Systems, Inc
>>>http://www.adtechintegrated.com
>>>
>>>
>>>-----Original Message-----
>>>From: owner-freebsd-security@FreeBSD.ORG
>>>[mailto:owner-freebsd-security@FreeBSD.ORG] On Behalf Of Alex Michlin
>>>Sent: Tuesday, June 18, 2002 2:23 PM
>>>To: freebsd-security@FreeBSD.ORG
>>>Subject: Disable Login
>>>
>>>I have a FreeBSD 4.2 server with a bug in login. I cannot reboot the
>>>server to upgrade the os (make world...). As a temporary fix, can I
>>>chmod
>>>000 logon or possibly even remove it completely? Should everything
>>>function correctly? (OpenSSH mainly)?
>>>

You can disable Login being used by ssh...edit the /etc/ssh/sshd_config
file UseLogin must be set to no.

--Larry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message



Relevant Pages

  • RE: Disable Login
    ... I remember seeing a FreeBSD advisory on a bug in login. ... > the login utility, you would not be able to logon locally, which could ...
    (FreeBSD-Security)
  • RE: Disable Login
    ... On Tue, 18 Jun 2002, Alex Michlin wrote: ... > I remember seeing a FreeBSD advisory on a bug in login. ... It said there login was vunerable. ...
    (FreeBSD-Security)
  • Strange message: Text file busy.
    ... > sh somescript ... log out and than login again I can run it: ... Is it a bug in FreeBSD 5.4? ...
    (freebsd-current)
  • [kde] Re: Possible bug in kwin or ??
    ... FWIW, I'm not sure if that's a general "your", directed at any kde ... If it offends someone to the extent that the bug handling ... Browser cookies do expire. ... By logging it at the actual login page each time, ...
    (KDE)
  • [kde] Re: Possible bug in kwin or ??
    ... FWIW, I'm not sure if that's a general "your", directed at any kde people ... If it offends someone to the extent that the bug handling ... FWIW, for bug databases at least, I let the browser remember my login info ...
    (KDE)