RE: login security bug

From: Reg Quinton (reggers@ist.uwaterloo.ca)
Date: 12/14/01


From: "Reg Quinton" <reggers@ist.uwaterloo.ca>
To: "'James Lick'" <jlick@drivel.com>, <focus-sun@securityfocus.com>
Date: Fri, 14 Dec 2001 15:41:32 -0500

I posted this to the unisog mailing list and *believe* it might help:
---------------
At http://ist.uwaterloo.ca/~reggers/drafts/login.wrapper I've whipped up
a front-end replacement for /usr/bin/login (in perl) that might help us.
It's brain dead dumb but should protect login enough while we await
vendor fixes.

I've tested on Solaris 8 with telnet and rlogin -- it seems to work
fine.

I'm interested in comments -- good, bad or indifferent.



Relevant Pages