|Product:||[Retired] Red Hat Linux||Reporter:||n.lathiotakis|
|Component:||util-linux||Assignee:||David Lawrence <dkl>|
|Status:||CLOSED CURRENTRELEASE||QA Contact:|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||1999-01-12 21:51:30 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
Description n.lathiotakis 1999-01-02 21:07:04 UTC
If a succesful login at the console (e.g. user 'phnl') FOLLOWS an unsuccesful one (e.g. false user name, 'Shit' in the example), then if user phnl does a 'ps axu' one of the entries is the following: phnl 16792 0.1 1.5 1500 988 1 S 20:33 0:00 /bin/login -- Shit The particular process is the succesfull login of phnl but appears with the name 'Shit' which is the previous unsuccesfull login. It is not important of course but its is a fault. And on the other hand it could be a 'secutity hole' for someone who by mistake types the pass instead of username. Then everyone could see his password simply doing a 'ps axu'! I tried two different machines with kernels 2.0.34 and 2.0.36 both with redhat 5.1 and the result was the same.
Comment 1 David Lawrence 1999-01-12 21:51:59 UTC
I have been able to replicate this bug with 5.1. The failed login name does show up in a ps -ax listing. On the other hand I could not get this to happen using 5.2. My suggestion would be to upgrade to 5.2.