[19234] in bugtraq


Re: vixie cron possible local root compromise

daemon@ATHENA.MIT.EDU (Juergen P. Meier)
Thu Feb 15 16:28:38 2001

Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Message-Id:  <20010215135121.A20253@fm.rz.fh-muenchen.de>
Date:         Thu, 15 Feb 2001 13:51:22 +0100
Reply-To: jpm@class.de
From: "Juergen P. Meier" <jpm@CLASS.DE>
X-To:         Valdis Kletnieks <Valdis.Kletnieks@VT.EDU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To:  <200102141634.f1EGY2i31283@foo-bar-baz.cc.vt.edu>; from
              Valdis.Kletnieks@VT.EDU on Wed, Feb 14, 2001 at 11:34:02AM -0500

On Wed, Feb 14, 2001 at 11:34:02AM -0500, Valdis Kletnieks wrote:
> Of course, what's important isn't what wtmpx.h defines it as, but what pwd.h
> has to say about it.  If getpwent() won't handle it, your wtmp format doesn't
> matter...
>
> Note also that some systems have utmpx.h not wtmpx.h
>
> > If anyone can find any system that reports less than 32, it will be an exception
> > of the rule. Of course I mean current systems. libc5 systems, AIX 3.2 and old
> > systems like that will probably return 16 or even 8.
>
> AIX 4.3.3 and AIX 5.0 both limit it to 8 in utmpx.h
>
> Solaris 5.7 has a 32-char limit in wtmp, but has this in 'man useradd':

Years of wrestling a big NIS+ cluster with Sun and Linux systems
taught me that one should _never_ ever completely trust anything that's just
written in the manual (pages) - it's always better to check with the
source (or at least the headers) - and check portability before anything
else ;)

Btw, the file-db routines in Solaris (in Solaris 2.4 through 2.6,
don't know what 7 and 8 make of it) libs do handle login names of up to
32 chars well. It's just that NIS+ is horribly broken when it comes
to long login names (and passwords, btw ;).
One does also run into big problems with all login-type daemons like
ftp, rsh etc.

Just a side note: in /usr/include/limits.h one can find this:

(sol 2.6, 7 and 8)
#define LOGNAME_MAX     8       /* max # of characters in a login name */
/* POSIX.1c conformant */
#define _POSIX_LOGIN_NAME_MAX                   9

That's one reason why I used to include <limits.h> in my programs ;)

>
> Moral of the story:  Not all the world is Linux, and some vendors care
> more about backward and cross compatibility than being the latest-and-greatest.

ACK

> --
> 				Valdis Kletnieks
> 				Operating Systems Analyst
> 				Virginia Tech
>

Juergen

--
Juergen P. Meier                        email: jpm@class.de
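
Added example, not part of the original message or of any project discussed in the thread: a C sketch of taking the login-name limit from <limits.h> and sysconf() instead of a man page, and rejecting (never truncating) a name that does not fit a fixed buffer. The function names login_name_limit and copy_login and the sample names are assumptions made for illustration.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* POSIX minimum (9, counting the terminating NUL) if the header lacks it. */
#ifndef _POSIX_LOGIN_NAME_MAX
#define _POSIX_LOGIN_NAME_MAX 9
#endif

/* Hypothetical helper: platform login-name limit, including the NUL. */
long login_name_limit(void)
{
#ifdef _SC_LOGIN_NAME_MAX
    long n = sysconf(_SC_LOGIN_NAME_MAX);   /* runtime value, if offered */
    if (n > 0)
        return n;
#endif
#if defined(LOGIN_NAME_MAX)
    return LOGIN_NAME_MAX;                  /* POSIX: includes the NUL */
#elif defined(LOGNAME_MAX)
    return LOGNAME_MAX + 1;                 /* SVR4 style: excludes the NUL */
#else
    return _POSIX_LOGIN_NAME_MAX;
#endif
}

/* Hypothetical helper: copy src into dst only if it fits both the buffer
 * and the platform limit. Returns 0 on success, -1 on rejection. */
int copy_login(char *dst, size_t dstsize, const char *src)
{
    size_t len;

    if (dst == NULL || src == NULL || dstsize == 0)
        return -1;
    for (len = 0; len < dstsize && src[len] != '\0'; len++)
        ;                                   /* bounded scan, no strlen() */
    if (len >= dstsize || (long)len >= login_name_limit()) {
        dst[0] = '\0';                      /* fail closed: no partial name */
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

int main(void)
{
    /* Constructed sample names; the buffer is sized like LOGNAME_MAX 8 + NUL. */
    const char *names[] = { "root", "operator", "averylongloginname" };
    char buf[9];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-20s -> %s\n", names[i],
               copy_login(buf, sizeof buf, names[i]) == 0 ? buf : "(rejected)");
    return 0;
}
```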
