From nobody@FreeBSD.org  Wed Oct 10 12:05:36 2001
Return-Path: <nobody@FreeBSD.org>
Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21])
	by hub.freebsd.org (Postfix) with ESMTP id 46BDD37B401
	for <freebsd-gnats-submit@FreeBSD.org>; Wed, 10 Oct 2001 12:05:36 -0700 (PDT)
Received: (from nobody@localhost)
	by freefall.freebsd.org (8.11.4/8.11.4) id f9AJ5aO33641;
	Wed, 10 Oct 2001 12:05:36 -0700 (PDT)
	(envelope-from nobody)
Message-Id: <200110101905.f9AJ5aO33641@freefall.freebsd.org>
Date: Wed, 10 Oct 2001 12:05:36 -0700 (PDT)
From: David Ljung Madison <freebsd.org@daveola.com>
To: freebsd-gnats-submit@FreeBSD.org
Subject: FreeBSD login will display secure log notices before password is given
X-Send-Pr-Version: www-1.0

>Number:         31204
>Category:       misc
>Synopsis:       FreeBSD login will display secure log notices before password is given
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 10 12:10:01 PDT 2001
>Closed-Date:    Mon Dec 17 02:58:35 PST 2001
>Last-Modified:  Mon Dec 17 03:00:22 PST 2001
>Originator:     David Ljung Madison
>Release:        4.4
>Organization:
MarginalHacks.com
>Environment:
FreeBSD ***.com 4.4-RELEASE FreeBSD 4.4-RELEASE #0: Tue Sep 18 11:57:08 PDT 2001
murray@builder.FreeBSD.org:/usr/src/sys/compile/GENERIC  i386
>Description:
First of all, I should point out that I don't actually run FreeBSD as
my unix flavor, I was working on a friend's machine. If you try to login as root, you can see security warnings that only
root should see before you ever enter your password. An obvious exploit would be to login to the machine, enter "root" at
the login prompt, then sit back and watch security messages, which could
be very useful to an attacker to learn about what kind of security the
system has implemented
>How-To-Repeat:
Make a bad attempt to login to some account (use the wrong password).  Then
try to login as root - you will see the "bad login" message after you enter
the "login:" prompt but before you type a password.
>Fix:
Dunno - don't have a FreeBSD system.  Presumably the login exec is doing a
setuid before it actually verifies the password?
>Release-Note:
>Audit-Trail:

From: David Malone <dwmalone@maths.tcd.ie>
To: David Ljung Madison <freebsd.org@daveola.com>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/31204: FreeBSD login will display secure log notices before password is given
Date: Wed, 10 Oct 2001 21:10:40 +0100

 On Wed, Oct 10, 2001 at 12:05:36PM -0700, David Ljung Madison wrote:
 > I was working on a friend's machine. If you try to login as root, you can see security warnings that only
 > root should see before you ever enter your password. An obvious exploit would be to login to the machine, enter "root" at
 > the login prompt, then sit back and watch security messages, which could
 > be very useful to an attacker to learn about what kind of security the
 > system has implemented
 
 Are you sure you weren't seeing these messages because you were
 logging on to the system console? The default syslog.conf logs a
 selection of messages to the console, including the one for attempted
 root logins. Some of the more sensitive messages shouldn't logged to
 the console.
 
 If you weren't logging in at the console, were you using telnet,
 ssh or another method to log in?
 
 	David.
State-Changed-From-To: open->feedback 
State-Changed-By: cjc 
State-Changed-When: Fri Oct 12 18:51:34 PDT 2001 
State-Changed-Why:  
If these login attempts were at the console, this is 
understandable. How syslogd(8) logs to the console is configurable and 
this is not a bug but just a default configuration choice. However, if 
this was _not_ at the console, we need more information. There may 
be a problem. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=31204 
State-Changed-From-To: feedback->closed 
State-Changed-By: cjc 
State-Changed-When: Mon Dec 17 02:58:35 PST 2001 
State-Changed-Why:  
Feedback timeout, over 2 months. 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=31204 
>Unformatted:
