search for: _path_wtmp

....orig Thu Jun 22 15:23:34 2000 --- defines.h Tue Aug 1 00:33:17 2000 *************** *** 329,346 **** #endif /* FIXME: put default paths back in */ ! #if !defined(UTMP_FILE) && defined(_PATH_UTMP) ! # define UTMP_FILE _PATH_UTMP #endif ! #if !defined(WTMP_FILE) && defined(_PATH_WTMP) ! # define WTMP_FILE _PATH_WTMP #endif /* pick up the user's location for lastlog if given */ ! #if !defined(LASTLOG_FILE) && defined(_PATH_LASTLOG) ! # define LASTLOG_FILE _PATH_LASTLOG ! #endif ! #if !defined(LASTLOG_FILE) && defined(CONF_LASTLOG_FILE) ! # define LASTL...

...d(UTMP_FILE) && defined(_PATH_UTMP) -# define UTMP_FILE _PATH_UTMP +#ifndef UTMP_FILE +# ifdef _PATH_UTMP +# define UTMP_FILE _PATH_UTMP +# else +# ifdef CONF_UTMP_FILE +# define UTMP_FILE CONF_UTMP_FILE +# endif +# endif #endif -#if !defined(WTMP_FILE) && defined(_PATH_WTMP) -# define WTMP_FILE _PATH_WTMP +#ifndef WTMP_FILE +# ifdef _PATH_WTMP +# define WTMP_FILE _PATH_WTMP +# else +# ifdef CONF_WTMP_FILE +# define WTMP_FILE CONF_WTMP_FILE +# endif +# endif #endif /* pick up the user's location for lastlog if given */ -#if !defined(LASTLOG_FILE...

...UTMP_STR utmpx #else # ifdef HAVE_UTMP_H # define UTMP_STR utmp # endif #endif #ifndef _PATH_UTMP # ifdef UTMPX_FILE # define _PATH_UTMP UTMPX_FILE # else # ifdef UTMP_FILE # define _PATH_UTMP UTMP_FILE # else # define _PATH_UTMP "/var/adm/utmp" # endif # endif #endif #ifndef _PATH_WTMP # ifdef WTMPX_FILE # define _PATH_WTMP WTMPX_FILE # else # ifdef WTMP_FILE # define _PATH_WTMP WTMP_FILE # else # define _PATH_WTMP "/var/adm/wtmp" # endif # endif #endif #ifndef _PATH_BSHELL # define _PATH_BSHELL "/bin/sh" #endif #ifndef _PATH_STDPATH # define _PATH_S...

There are conflicting reports about wether or not Red Hat 4.0 is vulnerable to the login-lockout described earlier. I have the impression that if you install the updates it will have been fixed. Approval of messages about this subject is now restricted to "here is a patch", and a vendors "We have made a patch available". Roger.

In message <19991122110826.A23851 at wdawson-sun.sbs.siemens.com>, Willard Dawson writes: >I just tried to compile, this time with openssh-1.2pre14, openssl-0.9.4 >and egd-0.6. I get considerably further along, but still not completely >compiled. Here are the last bits: > >gcc -g -O2 -Wall -I/usr/local/ssl/include -DETCDIR=\"/usr/local/etc\" -DSSH_PR

...The bug exists through the recently released util-linux-2.6. Here is a patch which removes the locking. --- util-linux-2.6/login-utils/login.c.orig Thu Nov 7 06:26:15 1996 +++ util-linux-2.6/login-utils/login.c Fri Nov 29 16:12:24 1996 @@ -628,9 +628,10 @@ endutent(); if((wtmp = open(_PATH_WTMP, O_APPEND|O_WRONLY)) >= 0) { - flock(wtmp, LOCK_EX); +/* Locking wtmp allows for trivial denial of service attack by nvi */ +/* flock(wtmp, LOCK_EX); */ write(wtmp, (char *)&ut, sizeof(ut)); - flock(wtmp, LOCK_UN); +/* flock(wtmp, LOCK_UN); */ clos...

...lly made it through a complete build of OpenSSH on Solaris 7/x86. I've included a few notes below. Most of them are either simple enough or too complex (i.e. I'm not sure how to do it without breaking other platforms) to generate patches for here. 1) _PATH_DEVNULL, _PATH_UTMP and _PATH_WTMP aren't defined anywhere, since Solaris doesn't appear to have a paths.h include. When the compile bailed, I dropped in a literal string and reran the make. 1a) There are some conflicting declarations of __progname in the application *.c files (sshd.c, ssh-add.c, etc.). I...

...TUTLINE) + old_utp = pututline(utp); + endutent(); +#else tty = ttyslot(); if (tty > 0 && (fd = open(_PATH_UTMP, O_RDWR|O_CREAT, 0644)) >= 0) { @@ -100,6 +108,7 @@ (void)write(fd, utp, sizeof(struct utmp)); (void)close(fd); } +#endif /* HAVE_PUTUTLINE */ if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) { (void)write(fd, utp, sizeof(struct utmp)); (void)close(fd); --- config.h.in.orig Thu Apr 20 18:10:46 2000 +++ config.h.in Fri Apr 21 08:32:55 2000 @@ -187,6 +187,9 @@ /* Define if you have the openpty function. */ #undef HAVE_OPENPTY + +/* Define if you...

I just downloaded and build 2.3.0p1 on BSD/OS 4.0.1 and 4.1 with no problems. Good job, guys! I did notice that although configure looks for both LASTLOG_FILE and _PATH_LASTLOG, it only looks for UTMP_FILE and WTMP_FILE. BSD/OS doesn't define those, but it does define _PATH_UTMP and _PATH_WTMP (in <utmp.h>, same as _PATH_LASTLOG), so you may want to have configure check for them, too. (It's not a problem since BSD/OS keeps them in one of the standard places that configure looks when the macros aren't defined, but it would be cleaner.) -Larry Jones The surgeon general sho...

Hi, I''ve been writing a login application to utilize the features of both PAM and libpwdb. Not surprisingly, this has meant looking at some old code.. The following denial of service attack seems to work quite nicely on my ancient Red Hat 3.0.3 system with the standard login application. Perhaps this is not a problem with 4.0? Does anyone know about other distributions? joe$ nvi

Attached is a small patch that should fix most of the problems reported. I am adding a recommendation to use GNU make to the INSTALL document. Regards, Damien -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work) -------------- next part -------------- Index:

...zard.nl Hmm, I can imagine utmp being locked this way, but is it worth it for wtmp? All login does is add an entry to the end... Linux lacks the updwtmp{,x}() calls which SVR4 provides as a packaged way to update wtmp. My local login code when on Linux just does (basically): if ((fd = open(_PATH_WTMP, O_WRONLY|O_APPEND, 0)) >= 0) { (void)write(fd, (char *)ut, sizeof(struct utmp)); (void)close(fd); } and I''ve seen no problems so far (we don''t care about the order of the writes, and the worst that can happen is a couple of corrup wtmp entries). Of course th...