[5840] in bugtraq
Re: Buffer Overrun / DOS in /bin/passwd (at least Redhat Linux
daemon@ATHENA.MIT.EDU (Theo de Raadt)
Fri Dec 19 17:54:12 1997
Date: Fri, 19 Dec 1997 15:08:27 -0700
Reply-To: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
From: Theo de Raadt <deraadt@CVS.OPENBSD.ORG>
X-To: Alec Muffett <alecm@CRYPTO.DIRCON.CO.UK>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: Your message of "Fri, 19 Dec 1997 20:24:41 GMT."
<199712192024.UAA14689@crypto.dircon.co.uk>

In OpenBSD, we constrain the password line to be 1023 characters long
(_including_ expansion in the gecos field of all cases of '&' ->
username).

Perhaps this strict constraint isn't the perfect solution to the
problem, but it sure has stopped a few root holes. One day we'll
rewrite it better: allow longer lengths, but check in lots of places.
(However a current benefit of this scheme is that the 1023 character
constraint also helps for the YP server case).

This solution saved us from the sendmail overflow in buildfname().
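
The length rule described in the message above, as an added example that is not part of the original post and is not OpenBSD's code: it measures a passwd line after every '&' in the gecos field has been replaced by the login name, and rejects the line if that exceeds 1023 characters. The names `pw_expanded_len`, `pw_line_ok` and `PW_LINE_MAX` are hypothetical, and the caller-supplied gecos field index is an assumption.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PW_LINE_MAX 1023 /* limit stated in the post */

/*
 * Length of one colon-separated passwd line once every '&' in the gecos
 * field has been replaced by the login name (field 0).
 * gecos_field is the zero-based index of the gecos field, supplied by the
 * caller (assumption: 4 for passwd(5), 7 for BSD master.passwd).
 * Returns (size_t)-1 if the count would overflow.
 */
size_t pw_expanded_len(const char *line, int gecos_field)
{
    size_t namelen = strcspn(line, ":");
    size_t total = 0;
    int field = 0;

    for (const char *p = line; *p != '\0' && *p != '\n'; p++) {
        size_t add = 1;
        if (*p == ':')
            field++;
        else if (*p == '&' && field == gecos_field)
            add = namelen;              /* '&' becomes the login name */
        if (add > (size_t)-1 - total)
            return (size_t)-1;          /* saturate instead of wrapping */
        total += add;
    }
    return total;
}

/* 1 if the line fits the limit after expansion, 0 if it must be rejected. */
int pw_line_ok(const char *line, int gecos_field)
{
    return pw_expanded_len(line, gecos_field) <= PW_LINE_MAX;
}

int main(void)
{
    /* Constructed sample: 225 raw bytes, 200 of them '&' in the gecos field. */
    char line[256] = "longname:x:1:1:";
    memset(line + 15, '&', 200);
    strcpy(line + 215, ":/:/bin/sh");
    printf("raw=%zu expanded=%zu ok=%d\n", strlen(line),
           pw_expanded_len(line, 4), pw_line_ok(line, 4));
    return 0;
}
```

The constructed line is well under the limit as stored, but a consumer that expands '&' into a fixed buffer would see 1625 characters, which is why the check counts the expanded form.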