NetBSD-Bugs archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
The following reply was made to PR bin/38175; it has been noted by GNATS.
From: Ed Ravin <eravin%panix.com@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost,
eravin%panix.com@localhost
Subject: Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
Date: Wed, 5 Mar 2008 13:51:41 -0500
On Wed, Mar 05, 2008 at 06:05:04PM +0000, David Holland wrote:
> The following reply was made to PR bin/38175; it has been noted by GNATS.
>
> From: David Holland <dholland-bugs%netbsd.org@localhost>
> To: gnats-bugs%NetBSD.org@localhost
> Cc: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
> Subject: Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
> Date: Wed, 5 Mar 2008 18:04:00 +0000
>
> On Wed, Mar 05, 2008 at 03:40:02PM +0000, eravin%panix.com@localhost wrote:
> > We get these messages in syslog instead of successful notifications:
> >
> > Mar 5 08:40:39 logsources@panix5/166.84.1.5 comsat[12662]: '/' in
> "/dev/pts/51"
> >
> > I believe this is the code at fault in comsat.c:
> >
> > 248 if (strncmp(cr, "pts/", 4) == 0)
> > 249 cr += 4;
> > 250 if (strchr(cr, '/')) {
> > 251 /* A slash is an attempt to break security... */
> > 252 syslog(LOG_AUTH | LOG_NOTICE, "Unexpected `/' in `%s'",
> > 253 ep->line);
> > 254 return;
> > 255 }
>
> Well, yes and no. The problem looks to be that the utmp file has
> "/dev/pts/51" in it (in the ut_line field) instead of just "pts/51",
> which is what would normally be expected.
>
> What do you see as the tty names when you run /usr/bin/who? And what
> program are you using to "log in" on these ttys that leaves it set
> this way? (sshd? xterm? kterm? gnome_terminal? ...?)
See below. Original user's name and IP are obfuscated.
pstree says:
-+= 00000 root [swapper]
\-+= 00001 root init
\-+= 14705 root /usr/sbin/sshd -u0
\-+= 14546 root sshd: USER [priv]
\-+- 24108 USER sshd: USER@pts/51 (sshd)
/usr/bin/who says:
USER pts/51 Mar 5 08:16 (10.100.10.10)
/usr/bin/last says:
$ last -f /var/run/utmp -t pts/51
USER pts/51 10.l00.10.10 Wed Mar 05 08:16 still logged in
$ last -f /var/run/utmpx -t pts/51
USER pts/51 10.100.10.10 Wed Mar 05 08:16 - 16:58 (08:42)
/usr/bin/sshd is the stock NetBSD 4.0 sshd.
Here's a hexdump of /var/run/utmpx:
0009c00 U S E R \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0
0009c10 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0
0009c20 s / 5 1 p t s / 5 1 \0 \0 \0 \0 \0 \0
0009c30 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0
0009c40 \0 \0 \0 \0 1 0 . 1 0 0 . 1 0 . 1 0
0009c50 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0 \0
hexdump of /var/run/utmp similiarly does not show any presence of the
string "dev" and especially not "/dev".
Anywhere else I should look?
Home |
Main Index |
Thread Index |
Old Index