utmp: finding binaries that corrupt utmp

utmp: finding binaries that corrupt utmp

Post by Haidinger Walte » Thu, 19 Mar 1998 04:00:00



Hi!

I have a mixed libc5  - libc6(glibc2) system. Now I know that the
utmp formats differ, but how do I find all the binaries which access
utmp because once in a while my utmp gets corrupted. There is still
an libc5 based programm lurking around...
Sure, init, login, getty, etc. but isn't there a generic way to find all?
'strings * | grep utmp' did not work.
Anything else I can try?

Thanks, Walter

--

Student of Electrical Engineering, University of Technology, Vienna, Austria
Address: Brunnerstr.6, A-3108 St.P?lten, Austria. Tel.: +43-2742-257191

 
 
 

utmp: finding binaries that corrupt utmp

Post by James Youngma » Thu, 19 Mar 1998 04:00:00


  Haidinger> Hi!  I have a mixed libc5 - libc6(glibc2) system. Now I
  Haidinger> know that the utmp formats differ, but how do I find all
  Haidinger> the binaries which access utmp because once in a while my
  Haidinger> utmp gets corrupted. There is still an libc5 based
  Haidinger> programm lurking around...  Sure, init, login, getty,
  Haidinger> etc. but isn't there a generic way to find all?  'strings
  Haidinger> * | grep utmp' did not work.  Anything else I can try?

You could use an LD_PRELOAD library that calls utmpname() to set the
filename of the utmp file to something else, then make /etc/utmp (or
whatever the usual name is) owned by root.root and mode 000.
Then, the offending programs will emit error messages about not being
able to open the utmp file.

 
 
 

utmp: finding binaries that corrupt utmp

Post by John Pears » Sat, 21 Mar 1998 04:00:00



>Hi!

>I have a mixed libc5  - libc6(glibc2) system. Now I know that the
>utmp formats differ, but how do I find all the binaries which access
>utmp because once in a while my utmp gets corrupted. There is still
>an libc5 based programm lurking around...
>Sure, init, login, getty, etc. but isn't there a generic way to find all?
>'strings * | grep utmp' did not work.
>Anything else I can try?

I don't have a method for finding them, but here are
some possibilities you may not have thought of:
ftpd
telnetd
rshd
sshd
popd
sessreg
xdm
timeoutd or similar
pppd
lpd

John P.
--

 
 
 

1. location of utmp wtmp in utmp.h

When building sysVinit using libc4.4 I found that 'last' was looking
for /etc/utmp and /usr/adm/wtmp.  I found that it was getting these
locations from /usr/include/utmp.h.  Why this strange inconsitency?

Is this a mistake?  Should utmp.h be changed to put both in /etc?

2. SCO CD-record, need help !!!!!

3. Corrupted /var/run/utmp file, how to fix it?

4. Help!! invalid root shell

5. Everything I compile won't read/corrupts my utmp/wtmp

6. Asus VS. Abit (need recomendation)

7. utmp Corrupted

8. Mach64 Video config help!!

9. utmp corrupted!

10. Corrupted utmp file

11. utmp file is corrupt?

12. corrupted utmp

13. Corrupt/Inconsistent /var/adm/utmp and problems with who,uptime,w