Bug 10175
Summary: | pidentd lookups reports root user when using rlogin. | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Jesper Brouer <hawk> |
Component: | pidentd | Assignee: | Trond Eivind Glomsrød <teg> |
Status: | CLOSED WORKSFORME | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.1 | CC: | hall |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2000-05-14 21:05:04 UTC | Type: | --- |
Description
Jesper Brouer
2000-03-14 21:56:35 UTC
I don't believe this is a pidentd problem, as it "works for me" when I rlogin localhost and check /var/log/messages (Red Hat 6.2/sparc with pidentd-3.0.10-5). You might want to check /etc/pam.d/rlogin, as I dimly remember a last minute change there. FWIW, here's what I have:

    #%PAM-1.0
    auth sufficient /lib/security/pam_rhosts_auth.so
    auth required /lib/security/pam_securetty.so
    auth required /lib/security/pam_pwdb.so shadow nullok
    auth required /lib/security/pam_nologin.so
    account required /lib/security/pam_pwdb.so
    password required /lib/security/pam_cracklib.so
    password required /lib/security/pam_pwdb.so shadow nullok use_authtok
    session required /lib/security/pam_pwdb.so

It has nothing to do with PAM! When I rlogin to a host, the host throws an ident-lookup back at the machine I come from. If I use rlogin I get the answer 'root', not my username. But if I use telnet I get the right result. So the problem must be the suid-bit on rlogin. It must be a uid,euid problem since all identd does is look up the uid of whoever owns the tcp-connection.
-- Christoffer

OK .... mystery solved! The problem is as follows: pidentd wants the uid of a connection. It looks up in /proc/net/tcp to see who owns the given connection. The problem is that /proc/net/tcp lists the euid and not the uid. Since rlogin is suid-root it gets euid 0 and that is why identd returns root and not the real name.

Now the big one ... how to solve it ;) I've asked on linux-kernel if euid is really what should be listed in /proc/net/tcp.
-- Christoffer (hall)
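The lookup discussed in this report, as an added example that is not part of the bug report and is not pidentd's own code: it parses a /proc/net/tcp style table and answers an ident query from the uid column, so the connection opened by the setuid-root rlogin client comes back as root while the telnet one returns the real user. The table rows, the `USERS` mapping and the function names are constructed for illustration, and a little-endian host (i386, as in this report) is assumed for address decoding.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
# Row 1: setuid-root rlogin client, 127.0.0.1:1023 -> 127.0.0.1:513, uid column 0.
# Row 2: telnet client run by uid 500, 127.0.0.1:1044 -> 127.0.0.1:23.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0071 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 411
   1: 0100007F:03FF 0100007F:0201 01 00000000:00000000 00:00000000 00000000     0        0 5120
   2: 0100007F:0414 0100007F:0017 01 00000000:00000000 00:00000000 00000000   500        0 5133
"""
USERS = {0: "root", 500: "alice"}  # constructed uid -> name mapping


def _endpoint(field):
    """Decode 'HEXADDR:HEXPORT'; the address is a host-order u32 (little-endian assumed)."""
    addr, port = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)


def parse_tcp_table(text):
    """Return one dict per socket row, skipping the header line."""
    rows = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue  # malformed or truncated row
        rows.append({"local": _endpoint(f[1]), "remote": _endpoint(f[2]),
                     "state": int(f[3], 16), "uid": int(f[7]), "inode": int(f[9])})
    return rows


def ident_reply(rows, local_port, remote_port, users=USERS):
    """Answer an ident query '<local_port>, <remote_port>' from the uid column."""
    for r in rows:
        if r["local"][1] == local_port and r["remote"][1] == remote_port:
            name = users.get(r["uid"], str(r["uid"]))
            return f"{local_port} , {remote_port} : USERID : UNIX : {name}"
    return f"{local_port} , {remote_port} : ERROR : NO-USER"


if __name__ == "__main__":
    table = parse_tcp_table(SAMPLE)
    print(ident_reply(table, 1023, 513))   # rlogin connection
    print(ident_reply(table, 1044, 23))    # telnet connection
```

For logging or access decisions on the receiving host, this means an ident answer for a connection from a setuid client names the file owner of the binary, not the person who ran it.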