[26121] in Athena Bugs
su and xlogin ignore digits after 8th character of root password
daemon@ATHENA.MIT.EDU (Erica H Peterson)
Thu Oct 14 10:29:01 2004
Date: Thu, 14 Oct 2004 10:28:30 -0400 (EDT)
From: Erica H Peterson <astronut@mit.edu>
To: bugs@mit.edu
Message-ID: <Pine.LNX.4.58L.0410141013130.28813@amalgam.mit.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
cc: husain@mit.edu
Errors-To: bugs-bounces@mit.edu
Hello,
OLC received a report from a user that he upgraded to 9.3.12 (Athena
linux), and noticed that the "su" command ignores everything after the
8th character in the root password. For example, "su" does not
distinguish between the two passwords: "abcdefgh123" and "abcdefgh456".
He did not notice this problem with 9.3.11.
There was some discussion on -c consult about this last night - we
confirmed that he's not running any extra packages, other than kernel-smp,
and that the root entry in /etc/passwd looks normal
(root:x:0:0:root:/root:/bin/bash).
I was also able to replicate this behavior on two of the OLC office
machines - an Athena linux machine running 9.3.12, and a Sun running
9.3.14. They have an eight-character root password, and *both* su
and the xlogin accepted the root password with several extra characters at
the end.
Thanks,
Erica Peterson
Athena Consultant
