On Wed, 2 Oct 2002, buzheng wrote:

> I do not think this is a new bug.

I completely agree.

> But, the remote setting of TTYPROMPT does matter. You cannot succeed in
> login without remotely changing the TTYPROMPT. This is also the bug
> mentioned in Jonathan's original letter (bid:5531).

That's why this bug is not exploitable using remote applications like rlogin, ssh (at least if you are not crazy enough to enable the UseLogin option) or X.25 pad: rlogin and pad aren't able to pass env vars other than TERM, while ssh normally doesn't use /bin/login for user authentication.

> If you have applied patches for these 2 bugs, you are safe now.
>
> BTW: you can change multiple "c "s to "a=b"s, actually, since SYS V
> login treats " " as environ var separator, you can also use >=64 words
> separated by " " or "\t". They will all work.

Agreed as well.

:raptor
Antifork Research, Inc.
ITBH Italian Black Hats
http://www.0xdeadbeef.eu.org
http://elite.blackhats.it
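A detection-side sketch of the point made in the quoted text, added here as an example and not part of the original thread: it splits a line typed at a login prompt on the two separators named above and flags environment-style words and lines that reach the 64-word figure. The function names, result fields and sample lines are constructed for illustration, and counting the login name itself as one of the words is an assumption.

```python
import re

WORD_LIMIT = 64          # the ">=64 words" figure quoted in the message
SEPARATORS = r"[ \t]+"   # separators named in the message: " " and "\t"


def inspect_login_line(raw: str) -> dict:
    """Classify one line typed at a login prompt (hypothetical helper)."""
    words = [w for w in re.split(SEPARATORS, raw.rstrip("\r\n")) if w]
    extra = words[1:]  # everything after the login name
    # Words of the form name=value, the "a=b" variant from the message.
    assignments = [w for w in extra if re.match(r"[^=]+=", w)]
    findings = []
    if assignments:
        findings.append("env-assignment")
    if len(words) >= WORD_LIMIT:  # assumption: login name counts as a word
        findings.append("word-flood")
    return {
        "login": words[0] if words else "",
        "words": len(words),
        "assignments": assignments,
        "findings": findings,
        "alert": bool(findings),
    }


# Constructed sample input, not captured traffic.
SAMPLES = {
    "normal": "alice\n",
    "single_assignment": "alice TERM=vt100\n",
    "assignment_flood": "alice " + " ".join(f"v{i}=x" for i in range(70)) + "\n",
    "tab_flood": "alice\t" + "\t".join(["c"] * 64) + "\r\n",
}


def scan(samples=SAMPLES) -> dict:
    """Run the check over every sample and return results keyed by name."""
    return {name: inspect_login_line(line) for name, line in samples.items()}


if __name__ == "__main__":
    for name, result in scan().items():
        print(f"{name:18} alert={result['alert']!s:5} "
              f"words={result['words']:3} {result['findings']}")
```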