Path: utzoo!attcan!uunet!lll-winken!lll-ncis!helios.ee.lbl.gov!nosc!ucsd!ucbvax!decwrl!labrea!rutgers!mit-eddie!uw-beaver!rice!sun-spots-request
From: mjr@cthulhu.welch.jhu.edu (Marcus J. Ranum)
Newsgroups: comp.sys.sun
Subject: rsh as 'root' causing login to dump core in SunOs4.0
Message-ID: <8901082250.AA04815@cthulhu.welch.jhu.edu>
Date: 13 Jan 89 16:43:07 GMT
Sender: usenet@rice.edu
Organization: Sun-Spots
Lines: 23
Approved: Sun-Spots@rice.edu
Original-Date: Sun, 8 Jan 89 17:50:47 EST
X-Sun-Spots-Digest: Volume 7, Issue 101, message 8 of 19

We're running 4.0, and if I rlogin from our VAX (ultrix) to my Sun as
'root', I get a closed connection on the VAX, and a core dump on the Sun,
apparently from login. From my limited familiarity with adb:

>core file = core -- program ``login''
>SIGSEGV	11: segmentation violation
>?() at ed8ba68
>?() at 0
>?() at 0
>?(0xeffffdd) at	3608
>?(0x3,0xeffffbc,0xeffffcc) at 241a

I can't think of anything unusually nasty in our configuration - our
hosts.equiv contained the VAX's name (fully-qualified - is there a buffer
overrun somewhere ?) as does /.rhosts.

(As an aside, for those who have been following the argument in
comp.unix.wizards about keeping a shadow password file this raises the
fact that any deamons, etc, that access that shadow have to be more
bug-free than a lot of the code we have been seeing from various sources
lately.)

--mjr();