From posse@CORINNE.MAC.EDU Wed Jun 18 03:56:51 1997 Date: Wed, 18 Jun 1997 03:02:15 -0000 From: Corinne Posse To: BUGTRAQ@NETSPACE.ORG ************** Corinne Posse Security Notice ************** Issue Number 5: 970717 ************** http://corinne.mac.edu/posse ************** **** Problem with su on HP/UX 9.00 VIA a dumb-terminal **** When the shell calling "su" is killed, the user is logged out, but in-between login prompts, a user can still enter commands as root. Affected Sites: Any HP system running HP/UX 9.00. Problem: When a user su's to root and goes idle, the other system administrator wants to kill the login shell for obvious purposes. Normally, doing this logs the user out and kills and shells or programs that have been run from this shell, but this isn't quite the case. What happens is this: It will appear as if the user has logged out of his/her dumb-terminal, however there is quite a surprise (or present) for the next user of tha terminal: HP/UX 9.00 login: myusername # ksh: myusername not found password: # login: uptime 9:28PM up 1 day, 58 mins, 6 users, load averages: 0.10, 0.17, 0.21 password: