[5044] in bugtraq
Re: Sun CDE 1.0.1: login bug
daemon@ATHENA.MIT.EDU (Doug Hughes)
Tue Jul 29 14:32:24 1997
Date: Tue, 29 Jul 1997 08:14:20 -0500
Reply-To: Doug Hughes <Doug.Hughes@ENG.AUBURN.EDU>
From: Doug Hughes <Doug.Hughes@ENG.AUBURN.EDU>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <Pine.SOL.3.91.970717155200.13847A-100000@calvin>
>Hello,
>
>I apologize if my discovery is old news, yet I thought it important
>to share and find out if this is being worked on by Sun.
>
>The problem is that CDE (Common Desktop Environment) seems to
>accept logins with usernames which have spaces prepended to them.
>I am not sure if this is the case with other window managers since
>I did not test this with other then CDE.
>
What you describe doesn't seem to be much different than pre-CDE.
People can login with spaces with xdm on Solaris2 as well, but it's
more of a nuisance here than anything else (because they can't run
mailtool, and filemgr breaks, and other things break.) So far there
have been no associated security risks. The user still has the same
uid. His account is somewhat broken though, which is inconvenient.
We've had to add an entry to our local FAQ about it.
--
____________________________________________________________________________
Doug Hughes Engineering Network Services
System/Net Admin Auburn University
doug@eng.auburn.edu
