bug in lastlog logging?

[Rip Loomis]

Henry--
Frequently, the login name that shows up in logs
and such is the first account listed in /etc/passwd
with the correct UID.  I've personally seen this
in a lot of other cases, although not specifically
with OpenSSH.

One of the steps we normally do when hardening a
system is to ensure that no two accounts have the
same UID--essentially, there is always a better
solution.

Not 100% sure if this is what is causing the
symptom you're seeing, but it sure sounds like
it.  I think the answer is "Hey doc...it hurts
when I do this!" "Well, then don't do that any
more."

Rip Loomis		Voice Number: (410) 953-6874
--------------------------------------------------------
Security Engineer
Center for Information Security Technology
Science Applications International Corporation
http://www.cist.saic.com



-----Original Message-----
From: owner-openssh-unix-dev at mindrot.org
[mailto:owner-openssh-unix-dev at mindrot.org]On Behalf Of Henry E. Thorpe
Sent: Thursday, July 27, 2000 3:08 PM
To: openssh-unix-dev at mindrot.org
Subject: bug in lastlog logging?


Folks;

I couldn't find anything on my archive of the mailing list on this,
and it may just be my mis-understanding, but:

When I "ssh machine1 -l user1" as user2 on machine2, if user2 has the
same uid on machine1, then user2's name ends up in lastlog, instead of
user1's.

This is a bit disconcerting when user2 is root, and root isn't allowed
to remotely log in on machine1.

I haven't dived into the code yet?  Is the bug in openssh, or my
understanding?

This is with machine1 running openssh-2.1.1p1 under RedHat Linux 6.2,
and machine2 being either openssh-2.1.0p2 on RedHat Linux 6.0, "SSH
Version 1.2.26 [i386-unknown-freebsd3.1], protocol version 1.5" on
FreeBSD 3.1-RELEASE, or openssh-2.1.1p2 on Sparc/Solaris 2.6.

Please slap me if this is of no import.

-- 
____________________________________________________________
Henry E. Thorpe 
AT&T Labs WorldNet Hosting Planning and Development
thorpe at lynxhub.att.com