AIX421 root password lost

Bob.Kelley_at_BRINKSINC.COM
Date: 09/30/03

  • Next message: Utt, Lyle: "Erase AIX Drives on J40" 
    Date:         Tue, 30 Sep 2003 11:40:59 -0500
To: aix-l@Princeton.EDU

    I deleted that post about the lost remote root password, but here's
    something to try:

    - rlogin

    COMMAND

    rlogin

    SYSTEMS AFFECTED

    AIX V.?

    PROBLEM

    This a problem with the way login parses it arguments as passed by rlogind
    allows access to the root account. The problem is the ability of login to
    parse the
    command line option -fUSER as -f USER. Now
    whether you can sneak -fUSER
    to your login program depends on your rlogind. Rlogind basically comes in
    two
    incarnations:

    old_style: rologind establishes connection
    allocates pty and calls login with -r .
    No way to sneak something to login on the command line (except with getty

    when it passes usernames starting with a -). The login program will the do
    the
    rlogin protocol over stin/stuot.

    new_style: rlogin establishes the connection
    allocates pty *and* does the rlogin
    protocol. If the remote user is authenticated
    login is called like this (with exec
    so
    each token is one argument
    never more)

    login -p -h -f lusername

    when login is not authenticated
    login is called like this:

    login -p -h lusername

    Now
    if -f expects an argument (getops string f:)
    you can specify "-fuser" as a
    remote loginname
    and remote is called as

    login -p -h -flusername

    this is interpreted as

    login -p -h -f lusername

    when -f accepts an argument. It provokes a usage error if -f does not
    accept an
    argument
    it is accepted as an argument if argument parsing is done with
    strcmp("-f"
    argv[x]). The best solution would be to have rlogind (and telnetd if it
    negotiates a username) call a getoptified login like this:

    login -- username

    Summarizing: if your rlogind does the new protocol *AND* your login uses f:
    in its
    getopt strings
    you're hosed.

    % rlogin localhost -l -froot
    # whoami
    root

    SOLUTION

    None given.

    Bobby Kelley
    BRINKS
    972-877-5341

  • Next message: Utt, Lyle: "Erase AIX Drives on J40"

    Relevant Pages

    • Re: Query on SQL Server 2000 Linked Table Doesnt Provide Correct Results
      ... You may be able to use Lenin a calculated query field to determine if the count of characters is not what you expect. ... I have some backend tables in a SQL Server 2000 Database linked into ... User daemon value rlogin is true ... User bin value login is true ...
      (microsoft.public.access.queries)
    • Query on SQL Server 2000 Linked Table Doesnt Provide Correct Results
      ... I have some backend tables in a SQL Server 2000 Database linked into ... If I run the same query in query analyzer, ... User daemon value rlogin is true ... User bin value login is true ...
      (microsoft.public.access.queries)
    • =?iso-8859-1?Q?WPF:_Dialoge_vor_der_eigentlichen_App_=F6ffnen?=
      ... Ich versuche in WPF etwas zu erreichen, was ich schon seit VB3-Zeiten mit ein paar simplen Handgriffen in der "Sub Main" bewerkstellige: Vor dem Start des eigentlichen Hauptfenster soll z.B. ein Login erfolgen und/oder eine Konfiguration vorgenommen werden. ... DialogResult rLogin = frmLogin.ShowDialog; ... DialogResult rFolder = frmFolder.ShowDialog; ...
      (microsoft.public.de.german.entwickler.dotnet.csharp)
    • Re: redirect to tty
      ... >>the rlogin terminal, but the ls command is not executed on ... >>the remote host I rlogined, do I have a way I can achieve this ... > To remote execute a command, ...
      (comp.unix.programmer)
    • Remote login fun & games
      ... After a few months of pain-free ssh remote login and NFS access between Mac ... I thought about rlogin & telnet. ... telnet stream tcp nowait root /usr/libexec/telnetd telnetd ... Now if I rlogin under my user account 'mwh' it lets me in then IMMEDIATELY ...
      (comp.unix.bsd.freebsd.misc)