Casinos Not On Gamstop Non Gamstop Casinos Casinos Not On Gamstop Online Casinos UK Non Gamstop Casino

1st Jan 1996 [SBWID-157]

COMMAND
	    login(1)
SYSTEMS AFFECTED
	    BSD-net2 systems.
	    FreeBSD 1.02.,  1.1 and  current, Net-BSD-current,  BSDI's BSD/386
	    1.1 and BSD 4.4 is not affected
PROBLEM
	    There is a bug in NET-net2 version of login.c which allows  anyone
	    who has an  account on the  machine to gain  root priviledges. The
	    version of login.c has the fallowing sccsid line:
	
	        static char sccsid[]="@(#)login.c  5.73 (Berkeley) 6/29/91"
	
	    The bug  is that  it doesn't  reset the  root login  flag after an
	    unsuccessful attempt to login as root. The upshot of this is  that
	    if a person first attempts to  login as root, fails, then logs  in
	    as him/herself, he/she has a uid of 0!
SOLUTION
	    The fix is to add the line:
	
	        rootlogin = 0;
	
	    After the code:
	
	        if (pwd && !rval)
	        break;
	
	    I  don't  know  if  there  are  any  other  versions  of this code
	    which  also  have  the  same  problem.  I suggest that if you have
	    a Net2-BSD derived system you check login.c and fix it ASAP.

Internet highlights

Casino Not On Gamstop