Date: Sun, 24 Oct 2004 18:15:27 +0100 From: Craig Edwards <brain@winbot.co.uk> To: freebsd-security@freebsd.org Subject: broken lastlog? Message-ID: <417BE32F.9020204@winbot.co.uk> In-Reply-To: <1357.213.112.198.199.1098562966.squirrel@mail.hackunite.net> References: <1323.213.112.198.199.1098388008.squirrel@mail.hackunite.net> <008401c4b868$ffd64ac0$3501a8c0@pro.sk> <00ab01c4b870$a3024760$3501a8c0@pro.sk> <52757.10.0.0.10.1098560266.squirrel@10.0.0.10> <1357.213.112.198.199.1098562966.squirrel@mail.hackunite.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi.
on freebsd 5.2.1 i managed to break my lastlog by repeatedly issuing
'date' commands. Im not sure how this happened but by issuing a command
to set the date in an infinite while loop (i was attempting to break the
restriction of setting the time to +/- 1 second in securelevel 2), you
can end up with a lastlog like the following:
[root@machine:username]$ last
username ttyp2 4.1.2.3 Sun Oct 24 16:06 still logged in
date { Fri Dec 13 20:45
date | Sun Oct 24 15:00
username2 ttyp2 1.2.3.4 Sun Oct 24 01:01 - 02:33 (01:31)
etc etc...
this output is sanitized so not to contain real data. The real test was
done as root, so far i've not been able to pin this down. Has anyone
seen this before and is it fixed in later versions?
Thanks,
Craig Edwards
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?417BE32F.9020204>