tech-security: Re: login leaks information w/ skeys

Subject: Re: login leaks information w/ skeys
To: None <hubert.feyrer@informatik.fh-regensburg.de>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 07/27/2000 21:44:41

  by mail.netbsd.org with SMTP; 28 Jul 2000 01:44:49 -0000
	by noc.untraceable.net (8.11.0/8.11.0/bonk!) id e6S1igd12041;
	Thu, 27 Jul 2000 21:44:42 -0400 (EDT)
Date: Thu, 27 Jul 2000 21:44:41 -0400
From: Andrew Brown <atatat@atatdot.net>
To: hubert.feyrer@informatik.fh-regensburg.de
Cc: "Martin J. Laubach" <mjl@nospam.office.emsi.priv.at>,
   tech-security@netbsd.org
Subject: Re: login leaks information w/ skeys
Message-ID: <20000727214441.A11987@noc.untraceable.net>
Reply-To: Andrew Brown <atatat@atatdot.net>
References: <964730751.507513@maschndrohtzaun.emsi.priv.at> <Pine.GSO.4.10.10007280209350.11355-100000@rfhpc8320.fh-regensburg.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.4i
In-Reply-To: <Pine.GSO.4.10.10007280209350.11355-100000@rfhpc8320.fh-regensburg.de>; from feyrer@rfhs8012.fh-regensburg.de on Fri, Jul 28, 2000 at 02:12:17AM +0200
Return-Receipt-To: receipts@daemon.org

>login: -foo
>user names may not start with '-'.
>NetBSD/sparc64 (delphi) (console)
>
>login: +bar
>Jul 27 11:40:01 delphi login: Device not configured when initializing
>Kerberos context
>Password:
>
>This is *not* specific to that machine's port, I've also tried it on
>1.5_ALPHA/i386. The reason why '-' is special-cased is probably NIS
>handling (I have 'passwd: files' in /etc/nsswitch.conf, not compat). 

the special case for - is because of a "feature" of login where you
can (as root, presumably) type "login -f whoever" and login doesn't
ask root for a password...it's just logs you in.

linux boxes, hp boxes, and probably others, had (some others still do,
i'm sure) a "bug" where if you are granted a login prompt from a getty
(or a uugetty), not a telnetd, you could type -froot, getty would exec
"login -froot" and since it was already running as root, you would
just be in.

-- 
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org             * "ah!  i see you have the internet
twofsonet@graffiti.com (Andrew Brown)                that goes *ping*!"
andrew@crossbar.com       * "information is power -- share the wealth."