[19220] in bugtraq
Re: vixie cron possible local root compromise
daemon@ATHENA.MIT.EDU (Valdis Kletnieks)
Wed Feb 14 15:18:03 2001
Message-Id: <200102141634.f1EGY2i31283@foo-bar-baz.cc.vt.edu>
Date: Wed, 14 Feb 2001 11:34:02 -0500
Reply-To: Valdis.Kletnieks@VT.EDU
From: Valdis Kletnieks <Valdis.Kletnieks@VT.EDU>
X-To: "Rodrigo Barbosa (aka morcego)" <rodrigob@CONECTIVA.COM.BR>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Your message of "Tue, 13 Feb 2001 22:27:14 -0200."
<20010213222714.E2369@conectiva.com.br>
On Tue, 13 Feb 2001 22:27:14 -0200, "Rodrigo Barbosa (aka morcego)" <rodrigob@CONECTIVA.COM.BR> said:
> #include <stdio.h>
> #include <wtmpx.h>
>
> int main(void) {
>     printf("%d\n", __UT_NAMESIZE);
>     return 0;
> }
Of course, what's important isn't what wtmpx.h defines it as, but what pwd.h
has to say about it. If getpwent() won't handle it, your wtmp format doesn't
matter...
Note also that some systems have utmpx.h, not wtmpx.h.
> If anyone can find any system that reports less than 32, it will be an exception
> of the rule. Of course I mean current systems. libc5 systems, AIX 3.2 and old
> systems like that will probably return 16 or even 8.
AIX 4.3.3 and AIX 5.0 both limit it to 8 in utmpx.h
Solaris 5.7 has a 32-char limit in wtmp, but has this in 'man useradd':
    The login field (login) is a string no more than eight
    bytes consisting of characters from the set of alphabetic
    characters, numeric characters, period (.), underscore
    (_), and hyphen (-). The first character should be
    alphabetic and the field should contain at least one lower case
    alphabetic character. A warning message will be written if
    these restrictions are not met. A future Solaris release may
    refuse to accept login fields that do not meet these
    requirements. The login field must contain at least one
    character and must not contain a colon (:) or a newline
    (\n).
SGI 6.5.10f has a 32-char limit in utmpx.h, but 'man 4 passwd' says this:
    name    User's login name -- consists of alphanumeric characters and
            must not be greater than eight characters long. It is
            recommended that the login name consist of a leading lower case
            letter followed by a combination of digits and lower case
            letters for greatest portability across multiple versions of
            the UNIX operating system. This recommendation can be safely
            ignored for users local to IRIX systems. The pwck(1M) command
            checks for the greatest possible portability on names, and
            complains about user names that do not cause problems on IRIX.
I'll let somebody else check Tru64 and HP/UX, I don't have access to them
at the moment.
Moral of the story: Not all the world is Linux, and some vendors care
more about backward and cross compatibility than being the latest-and-greatest.
--
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech
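
The following is an added example, not part of the original message or of any vendor's code: it checks a login name against the eight-byte portable rule quoted from the Solaris man page above and against the size of the local utmpx user field. The function name `check_login_name`, the flag names and the sample names are hypothetical, and it assumes a system that provides `utmpx.h` with a `ut_user` member.

```c
/* Added example: check a login name against the limits discussed above. */
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <utmpx.h>

/* Size of the user-name field in this system's utmpx record. */
#define UTMPX_NAME_MAX (sizeof(((struct utmpx *)0)->ut_user))
/* Portable limit quoted from the Solaris and IRIX man pages. */
#define PORTABLE_NAME_MAX 8

enum { NAME_OK = 0, NAME_BAD_CHAR = 1, NAME_BAD_SHAPE = 2,
       NAME_NOT_PORTABLE = 4, NAME_TOO_LONG_FOR_UTMPX = 8 };

/* Returns a bitmask of problems. utmpx_max is a parameter so the same
 * check can be run against another platform's limit (hypothetical helper). */
int check_login_name(const char *name, size_t utmpx_max)
{
    size_t len = strlen(name), i;
    int flags = 0, has_lower = 0;

    /* Must be non-empty and start with an alphabetic character. */
    if (len == 0 || !isalpha((unsigned char)name[0]))
        flags |= NAME_BAD_SHAPE;
    for (i = 0; i < len; i++) {
        unsigned char c = (unsigned char)name[i];
        if (islower(c)) has_lower = 1;
        /* Allowed set: alphanumerics, '.', '_', '-' (excludes ':' and '\n'). */
        if (!isalnum(c) && c != '.' && c != '_' && c != '-')
            flags |= NAME_BAD_CHAR;
    }
    if (!has_lower) flags |= NAME_BAD_SHAPE;
    if (len > PORTABLE_NAME_MAX) flags |= NAME_NOT_PORTABLE;
    if (len > utmpx_max) flags |= NAME_TOO_LONG_FOR_UTMPX;
    return flags;
}

int main(void)
{
    /* Constructed sample names. */
    const char *samples[] = { "valdis", "rodrigob", "averylongloginname", "bad:name" };
    size_t i;
    printf("utmpx ut_user field: %zu bytes\n", (size_t)UTMPX_NAME_MAX);
    for (i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-20s flags=%d\n", samples[i],
               check_login_name(samples[i], UTMPX_NAME_MAX));
    return 0;
}
```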