Your message dated Tue, 15 Apr 2008 22:49:58 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Re: Bug#474933: root not logged out upon login, just stacks shell
has caused the Debian Bug report #474933,
regarding root not logged out upon login, just stacks shell
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
474933: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=474933
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: login
Version: 1:4.1.1-1

I discovered that now in addition to the broken

  $ login
  No utmp entry.  You must exec "login" from the lowest level "sh"

for regular users. Now for root: he has unlimited power to

# login

That's right, piling up shells,

  |-login --
  |   `-bash
  |       `-login
  |           `-bash
  |              `-pstree -a

because

       Typically, login is treated by the shell as exec login which
       causes the user to exit from the current shell.

on the man page is ignored.

Indeed, this is a security issue.
Why?
Because back in University, I could do
# login holmes
and walk away from the terminal, telling Mr. Holmes to continue as
usual.

Now when he is finished and logs out... gasp, a root shell is left
sitting on the terminal!

Or maybe he could just wait until I walked away and hit ^Z:

# login nobody
Password:

Login incorrect
jidanni1 login: ^Z

[1]+  Stopped                 login nobody
#



--- End Message ---
--- Begin Message ---
On Tue, Apr 08, 2008 at 07:55:48AM +0800, [EMAIL PROTECTED] wrote:
> 
> I discovered that now in addition to the broken
> 
>   $ login
>   No utmp entry.  You must exec "login" from the lowest level "sh"

This is not so broken, and was the behavior of login back in Sarge.

> for regular users. Now for root: he has unlimited power to
[...]
> Indeed, this is a security issue.
> Why?
> Because back in University, I could do
> # login holmes
> and walk away from the terminal, telling Mr. Holmes to continue as
> usual.
> 
> Now when he is finished and logs out... gasp, a root shell is left
> sitting on the terminal!
> 
> Or maybe he could just wait until I walked away and hit ^Z:
> 
> # login nobody
> Password:
> 
> Login incorrect
> jidanni1 login: ^Z
> 
> [1]+  Stopped                 login nobody
> #

This was also the behavior of login when called by root on Sarge
(1:4.0.3-31sarge9)

I doubt there have been any changes in the last 3 years.
I don't know if that behavior changed earlier.

The main change since Sarge is that login is no longer set-uid, hence
calling login from a regular user is not really useful.


I don't really see a security issue in login here. Thus I'm closing the
bug.

Regards,
-- 
Nekral


--- End Message ---
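
The stacking shown in the pstree output above happens when root types `login` instead of `exec login`, so the root shell stays behind as the parent. As an added example (not part of the thread or of the login package), this sketch flags `login` processes whose parent is a uid-0 shell. The function names, the shell-name list and the sample process table are constructed for illustration.

```shell
#!/bin/sh
# Input: one process per line as "PID PPID UID COMM", e.g. from
#   ps -e -o pid= -o ppid= -o uid= -o comm=
# Output: "LOGIN_PID PARENT_SHELL_PID DEPTH" for every login that was
# started from a root shell without exec. DEPTH counts the login
# processes in that ancestor chain (2 or more means stacked sessions).
find_stacked_logins() {
    awk '
    function is_shell(name) {
        return name ~ /^-?(sh|bash|dash|ksh|zsh|csh|tcsh)$/
    }
    # Only the first word of COMM is kept; enough for login and shells.
    { ppid[$1] = $2; uid[$1] = $3; comm[$1] = $4 }
    END {
        for (p in comm) {
            if (comm[p] != "login") continue
            parent = ppid[p]
            if (!(parent in comm)) continue
            if (!is_shell(comm[parent]) || uid[parent] != 0) continue
            depth = 0; hops = 0
            # Walk up to init; hops guards against a malformed table.
            for (q = p; (q in comm) && hops < 64; q = ppid[q]) {
                if (comm[q] == "login") depth++
                hops++
            }
            print p, parent, depth
        }
    }' | sort -n
}

# Constructed sample mirroring the tree in the report: a root session
# (812/840) that ran "login" without exec (901), plus a normal session.
sample_ps() {
    cat <<'EOF'
1 0 0 init
812 1 0 login
840 812 0 bash
901 840 0 login
902 901 1001 bash
950 902 1001 pstree
700 1 0 login
701 700 1002 bash
EOF
}

sample_ps | find_stacked_logins
```

When the user of a flagged session logs out, the parent shell listed in the second column is what the terminal returns to.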
