Re: bug in ssh allowing to be invisible

[kragen () POBOX COM (Kragen Sitaker)]

Greg writes:
> This means that the potiential unprivialged user can use any account in
> the system (hacked or so), and it's possible that root will not know what
> is happening (or will know when it's too late ;-).

There are dozens of ways you can run a process on a system you have
shell access to without appearing in "finger" or "who".  Here are a
few:
command & logout
procmail
.forward
.qmail*
xterm -ut
crontab

This is not a security hole in ssh.  This is a security hole in the
head of any Unix sysadmin who uses "finger" or "who" to see who's using
their system.

--
<kragen () pobox com>       Kragen Sitaker     <http://www.pobox.com/~kragen/>
This is exactly how the World Wide Web works: the HTML files are the pithy
description on the paper tape, and your Web browser is Ronald Reagan.
  -- Neal Stephenson, at http://www.cryptonomicon.com/beginning_print.html