broken lastlog?

From: Craig Edwards (brain_at_winbot.co.uk)
Date: 10/24/04

Next message: Chuck Swiger: "Re: Default permissions of /home/user.."

Previous message: Jesper Wallin: "Re: Default permissions of /home/user.."
In reply to: Jesper Wallin: "Re: Default permissions of /home/user.."
Next in thread: Chuck Swiger: "Re: Default permissions of /home/user.."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sun, 24 Oct 2004 18:15:27 +0100
To: freebsd-security@freebsd.org

Hi.

on freebsd 5.2.1 i managed to break my lastlog by repeatedly issuing
'date' commands. Im not sure how this happened but by issuing a command
to set the date in an infinite while loop (i was attempting to break the
restriction of setting the time to +/- 1 second in securelevel 2), you
can end up with a lastlog like the following:

[root@machine:username]$ last
username ttyp2 4.1.2.3 Sun Oct 24 16:06 still logged in
date { Fri Dec 13 20:45
date | Sun Oct 24 15:00
username2 ttyp2 1.2.3.4 Sun Oct 24 01:01 - 02:33 (01:31)

etc etc...
this output is sanitized so not to contain real data. The real test was
done as root, so far i've not been able to pin this down. Has anyone
seen this before and is it fixed in later versions?

Thanks,
Craig Edwards

_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

Next message: Chuck Swiger: "Re: Default permissions of /home/user.."

Previous message: Jesper Wallin: "Re: Default permissions of /home/user.."
In reply to: Jesper Wallin: "Re: Default permissions of /home/user.."
Next in thread: Chuck Swiger: "Re: Default permissions of /home/user.."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]