Subject: Re: login leaks information w/ skeys
To: None <>
From: Andrew Brown <>
List: tech-security
Date: 07/27/2000 21:44:41
  by with SMTP; 28 Jul 2000 01:44:49 -0000
	by (8.11.0/8.11.0/bonk!) id e6S1igd12041;
	Thu, 27 Jul 2000 21:44:42 -0400 (EDT)
Date: Thu, 27 Jul 2000 21:44:41 -0400
From: Andrew Brown <>
Cc: "Martin J. Laubach" <>,
Subject: Re: login leaks information w/ skeys
Message-ID: <>
Reply-To: Andrew Brown <>
References: <> <>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.4i
In-Reply-To: <>; from on Fri, Jul 28, 2000 at 02:12:17AM +0200

>login: -foo
>user names may not start with '-'.
>NetBSD/sparc64 (delphi) (console)
>login: +bar
>Jul 27 11:40:01 delphi login: Device not configured when initializing
>Kerberos context
>This is *not* specific to that machine's port, I've also tried it on
>1.5_ALPHA/i386. The reason why '-' is special-cased is probably NIS
>handling (I have 'passwd: files' in /etc/nsswitch.conf, not compat). 

the special case for - is because of a "feature" of login where you
can (as root, presumably) type "login -f whoever" and login doesn't
ask root for a's just logs you in.

linux boxes, hp boxes, and probably others, had (some others still do,
i'm sure) a "bug" where if you are granted a login prompt from a getty
(or a uugetty), not a telnetd, you could type -froot, getty would exec
"login -froot" and since it was already running as root, you would
just be in.

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."