Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names

To: gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost,eravin%panix.com@localhost
Subject: Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
From: Ed Ravin <eravin%panix.com@localhost>
Date: Wed, 5 Mar 2008 18:55:01 +0000 (UTC)

The following reply was made to PR bin/38175; it has been noted by GNATS.

From: Ed Ravin <eravin%panix.com@localhost>
To: gnats-bugs%NetBSD.org@localhost
Cc: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost, 
eravin%panix.com@localhost
Subject: Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
Date: Wed, 5 Mar 2008 13:51:41 -0500

 On Wed, Mar 05, 2008 at 06:05:04PM +0000, David Holland wrote:
 > The following reply was made to PR bin/38175; it has been noted by GNATS.
 > 
 > From: David Holland <dholland-bugs%netbsd.org@localhost>
 > To: gnats-bugs%NetBSD.org@localhost
 > Cc: gnats-admin%netbsd.org@localhost, netbsd-bugs%netbsd.org@localhost
 > Subject: Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
 > Date: Wed, 5 Mar 2008 18:04:00 +0000
 > 
 >  On Wed, Mar 05, 2008 at 03:40:02PM +0000, eravin%panix.com@localhost wrote:
 >   > We get these messages in syslog instead of successful notifications:
 >   > 
 >   > Mar  5 08:40:39 logsources@panix5/166.84.1.5 comsat[12662]: '/' in 
 > "/dev/pts/51"
 >   > 
 >   > I believe this is the code at fault in comsat.c:
 >   > 
 >   >     248     if (strncmp(cr, "pts/", 4) == 0)
 >   >     249         cr += 4;
 >   >     250     if (strchr(cr, '/')) {
 >   >     251         /* A slash is an attempt to break security... */
 >   >     252         syslog(LOG_AUTH | LOG_NOTICE, "Unexpected `/' in `%s'",
 >   >     253             ep->line);
 >   >     254         return;
 >   >     255     }
 >  
 >  Well, yes and no. The problem looks to be that the utmp file has
 >  "/dev/pts/51" in it (in the ut_line field) instead of just "pts/51",
 >  which is what would normally be expected.
 >  
 >  What do you see as the tty names when you run /usr/bin/who? And what
 >  program are you using to "log in" on these ttys that leaves it set
 >  this way? (sshd? xterm? kterm? gnome_terminal? ...?)
 
 See below.  Original user's name and IP are obfuscated.
 
 pstree says:
 -+= 00000 root [swapper]
  \-+= 00001 root init
    \-+= 14705 root /usr/sbin/sshd -u0
      \-+= 14546 root sshd: USER [priv]
        \-+- 24108 USER sshd: USER@pts/51 (sshd)
 
 /usr/bin/who says:
 USER       pts/51   Mar  5 08:16  (10.100.10.10)
 
 /usr/bin/last says:
 
 $ last -f /var/run/utmp -t pts/51
 USER        pts/51   10.l00.10.10     Wed Mar 05 08:16   still logged in
 
 $ last -f /var/run/utmpx -t pts/51
 USER        pts/51   10.100.10.10     Wed Mar 05 08:16 - 16:58  (08:42)
 
 /usr/bin/sshd is the stock NetBSD 4.0 sshd.
 
 Here's a hexdump of /var/run/utmpx:
 
 0009c00   U   S   E   R  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0
 0009c10  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0
 0009c20   s   /   5   1   p   t   s   /   5   1  \0  \0  \0  \0  \0  \0
 0009c30  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0
 0009c40  \0  \0  \0  \0   1   0   .   1   0   0   .   1   0   .   1   0
 0009c50  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0  \0
 
 hexdump of /var/run/utmp similiarly does not show any presence of the
 string "dev" and especially not "/dev". 
 
 Anywhere else I should look?

Prev by Date: Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
Next by Date: Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
Previous by Thread: Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
Next by Thread: Re: bin/38175: comsat misunderstands NetBSD 4.0 ptyfs PTY names
Indexes:

Home | Main Index | Thread Index | Old Index