From jonny@coppe.ufrj.br  Sun Jan 11 18:29:54 1998
Received: from gaia.coppe.ufrj.br (cisigw.coppe.ufrj.br [146.164.5.200])
          by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id SAA09019
          for <FreeBSD-gnats-submit@freebsd.org>; Sun, 11 Jan 1998 18:29:48 -0800 (PST)
          (envelope-from jonny@coppe.ufrj.br)
Received: (from jonny@localhost)
	by gaia.coppe.ufrj.br (8.8.8/8.8.8) id AAA29554;
	Mon, 12 Jan 1998 00:29:42 -0200 (EDT)
	(envelope-from jonny)
Message-Id: <199801120229.AAA29554@gaia.coppe.ufrj.br>
Date: Mon, 12 Jan 1998 00:29:42 -0200 (EDT)
From: Joao Carlos Mendes Luis <jonny@coppe.ufrj.br>
Reply-To: jonny@coppe.ufrj.br
To: FreeBSD-gnats-submit@freebsd.org
Subject: login(1) clears utmp entry
X-Send-Pr-Version: 3.2

>Number:         5483
>Category:       bin
>Synopsis:       Login(1) clears utmp entry
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    gabor
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jan 11 18:30:01 PST 1998
>Closed-Date:    Mon Dec 25 21:23:36 GMT 2006
>Last-Modified:  Mon Dec 25 21:24:38 GMT 2006
>Originator:     Joao Carlos Mendes Luis
>Release:        FreeBSD 2.2.5-STABLE i386
>Organization:
COPPE/UFRJ
>Environment:

	FreeBSD 2.2-stable

	Login session conected from network.

>Description:

	When called from user prompt login(1) clears utmp entry,
      removing info about user location in network.  It's still
      possible to find the original conection from netstat and
      fstat, but it's not easy.

>How-To-Repeat:

telnet to somehost
$w
See FROM field
$login
Enter user and password
$w
See new FROM field: no network address

>Fix:
	
	I'm not sure, but maybe a previous check in utmp could help.
	Don't know which side-effects it could have on normal logins.
>Release-Note:
>Audit-Trail:

From: Johan Karlsson <k@numeri.campus.luth.se>
To: FreeBSD-gnats-submit@FreeBSD.ORG
Cc:  
Subject: Re: bin/5483: Login(1) clears utmp entry
Date: Fri, 12 Oct 2001 00:16:34 +0200

 This was (is?) still a problem in 4-current, see PR 16971
 
 
 -- 
 Johan Karlsson		mailto:k@numeri.campus.luth.se

From: Justin Swartz <inode@unix.za.net>
To: bug-followup@FreeBSD.org, jonny@coppe.ufrj.br
Cc:  
Subject: Re: bin/5483: Login(1) clears utmp entry
Date: Fri, 2 Sep 2005 00:31:37 +0200 (SAST)

 Extending on what Joao Carlos Mendes Luis said back in 1998.
 
 Exiting from the shell you're dropped to once rerunning login
 from the original shell, seems to clear more of the utmp
 entry if not removing it entirely....
 
 Observe:
 
 login as: inode
 Password:
 Last login: Thu Sep  1 19:06:13 2005
 Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
          The Regents of the University of California.  All rights reserved.
 
 FreeBSD 5.3-RELEASE-p6 (NASSP_SMP) #0: Sun Apr  3 22:59:55 SAST 2005
 
 FreeBSD 5.3-RELEASE-p6 (NASSP_SMP) #0: Sun Apr  3 22:59:55 SAST 2005
 
 
 
 
 
          Ipv6 only.
          Experimental spam evasion test in process.
          http://tinyurl.com/d28gh, if I see any spikes
          forget about logging in again.
 
 
 % w
 12:24AM  up 57 days,  4:46, 12 users, load averages: 0.00, 0.00, 0.00
 USER             TTY      FROM              LOGIN@  IDLE WHAT
 root             p0       :ttyv0:S.0       06Jul05 57days -
 daniel           p1       gw00-em0:S.0     21Jul05  7:17 -
 daniel           p3       gw00-em0:S.2     Fri04PM  8:44 -
 daniel           p4       gw00-em0:S.6     Thu04PM  7:24 -
 inode            p5       tpr-ip-nas-ov-1- 12:24AM     - w
 daniel           p7       gw00-em0:S.5     08Aug05  7:16 -
 daniel           pa       gw-em0.nassp.uct Mon04PM  7:16 -
 daniel           pd       gw00-em0:S.1     Wed04PM  7:26 -
 daniel           pe       gw00-em0:S.3     Thu11AM  9:49 -
 daniel           ph       gw00-em0:S.4     Thu11AM 13:10 -
 daniel           pk       gw00-em0:S.7     Thu12PM  8:30 -
 csyn             pm       foad             Wed01PM 34:39 -
 % login
 login: inode
 Last login: Fri Sep  2 00:24:29 from tpr-ip-nas-ov-1
 Copyright (c) 1992-2004 The FreeBSD Project.
 Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
          The Regents of the University of California. All rights reserved.
 
 FreeBSD 5.3-RELEASE-p6 (NASSP_SMP) #0: Sun Apr  3 22:59:55 SAST 2005
 
 FreeBSD 5.3-RELEASE-p6 (NASSP_SMP) #0: Sun Apr  3 22:59:55 SAST 2005
 
 
 
 
 
          Ipv6 only.
          Experimental spam evasion test in process.
          http://tinyurl.com/d28gh, if I see any spikes
          forget about logging in again.
 
 
 % w
 12:26AM  up 57 days,  4:47, 12 users, load averages: 0.00, 0.00, 0.00
 USER             TTY      FROM              LOGIN@  IDLE WHAT
 root             p0       :ttyv0:S.0       06Jul05 57days -
 daniel           p1       gw00-em0:S.0     21Jul05  7:18 -
 daniel           p3       gw00-em0:S.2     Fri04PM  8:45 -
 daniel           p4       gw00-em0:S.6     Thu04PM  7:25 -
 inode            p5       -                12:25AM     - w
 daniel           p7       gw00-em0:S.5     08Aug05  7:17 -
 daniel           pa       gw-em0.nassp.uct Mon04PM  7:17 -
 daniel           pd       gw00-em0:S.1     Wed04PM  7:27 -
 daniel           pe       gw00-em0:S.3     Thu11AM  9:50 -
 daniel           ph       gw00-em0:S.4     Thu11AM 13:11 -
 daniel           pk       gw00-em0:S.7     Thu12PM  8:31 -
 csyn             pm       foad             Wed01PM 34:40 -
 % exit
 % w
 12:26AM  up 57 days,  4:47, 11 users, load averages: 0.00, 0.00, 0.00
 USER             TTY      FROM              LOGIN@  IDLE WHAT
 root             p0       :ttyv0:S.0       06Jul05 57days -
 daniel           p1       gw00-em0:S.0     21Jul05  7:18 -
 daniel           p3       gw00-em0:S.2     Fri04PM  8:46 -
 daniel           p4       gw00-em0:S.6     Thu04PM  7:26 -
 daniel           p7       gw00-em0:S.5     08Aug05  7:17 -
 daniel           pa       gw-em0.nassp.uct Mon04PM  7:17 -
 daniel           pd       gw00-em0:S.1     Wed04PM  7:27 -
 daniel           pe       gw00-em0:S.3     Thu11AM  9:51 -
 daniel           ph       gw00-em0:S.4     Thu11AM 13:11 -
 daniel           pk       gw00-em0:S.7     Thu12PM  8:31 -
 csyn             pm       foad             Wed01PM 34:40 -
 % id
 uid=1363(inode) gid=1363(inode) groups=1363(inode)
 % finger inode
 Login: inode                            Name: Justin Swartz
 Directory: /home/inode                  Shell: /bin/sh
 Last login Fri Sep  2 00:25 (SAST) on ttyp5
 No Mail.
 No Plan.
 %
 
 
 
 And if you read that correctly, you'll see it appeared as if I had logged 
 out.
 
 Pretty useful for fooling gulable admin without the need for root access.
 Of course, examining the process list and active network sessions in this 
 case don't aid in the facade.
 
 I've tested this successfuly on at least the following, FreeBSD 3.1, 4.3, 
 5.2, 5.3, 6.0-CURRENT, and 5.4-STABLE. Fortunately the login(1) facility 
 of the other 2 popular BSD projects doesn't exhibit this behaviour.
 
 Yours Sincerely,
 
 
 
 Justin Swartz
 http://src.co.za/
 
 
State-Changed-From-To: open->closed 
State-Changed-By: gabor 
State-Changed-When: Mon Dec 25 21:21:26 UTC 2006 
State-Changed-Why:  
bin/94060 describes the same issue for newer FreeBSD releases,
closing this PR hoping the new one will get more attention.

http://www.freebsd.org/cgi/query-pr.cgi?pr=5483 
Responsible-Changed-From-To: freebsd-bugs->gabor 
Responsible-Changed-By: gabor 
Responsible-Changed-When: Mon Dec 25 21:22:19 UTC 2006 
Responsible-Changed-Why:  
bin/94060 describes the same issue for newer FreeBSD releases, 
closing this PR hoping the new one will get more attention. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=5483 
>Unformatted:
