Thanks to the following people for trying to lend a hand in our troubleshootin
email@example.com (Carsten Hennig)
firstname.lastname@example.org (Daniel Trinkle)
Ace Stewart <email@example.com>
jimw@PE-Nelson.COM (Jim Watt)
firstname.lastname@example.org (Dean Grover)
Robert.Uomini@Corp.Sun.COM (Bob Uomini)
All of these individuals suggested we look into the permissions on the tmp
directories and/or various device files. We had done this early on in the
problem solving process and concluded all was well. As indicated in my original
post, we had determined that the login program was not operating properly since
it no longer changed the ownership of /dev/fb when a new user logged in.
It turns out that /bin/login was indeed the problem. The reason it was no
longer working properly was because it (and /usr/bin/login) had been replaced
by a hacked version that trapped passwords, but didn't do all the things it was
supposed to do. It appears to have been distributed as a "package" called
sunlogin.tar. The "makefile" was just an executable script called "Make". It
indicated that it was for "Making the sun backdoor login program..."
I will be turning all applicable info over to CERT.
Don Mac Leod Internet: email@example.com
Computing & Network Services Bitnet: dmacleod@sunrise
Syracuse University NYNEX: (315) 443-3135
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:46 CDT