Date: Wed, 30 Oct 1996 20:56:19 +0100 (MET) From: Guido van Rooij <guido@gvr.win.tue.nl> To: john@starfire.mn.org Cc: hackers@FreeBSD.ORG Subject: Re: rlogind user name restrictions Message-ID: <199610301956.UAA09626@gvr.win.tue.nl> In-Reply-To: <199610171436.JAA07828@starfire.mn.org> from "john@starfire.mn.org" at "Oct 17, 96 09:36:27 am"
next in thread | previous in thread | raw e-mail | index | archive | help
john@starfire.mn.org wrote:
> I understand the restriction on not passing a "username" to login that
> STARTS with '-', but I do not understand the restriction on it anywhere
> in the "lusername" string. Would any BAD THINGS happen if I relaxed
> the restriction to only check for the first character?
>
> The thing is, we have a user "star-net"...
>
Yes you are right.
This has long been fixed in current.
-Guido
Here is the patch:
--- /usr/src/libexec/rlogind/rlogind.c Sun Jun 23 15:07:44 1996
+++ /tmp/rlogind.c Wed Oct 30 20:55:23 1996
@@ -293,7 +293,7 @@
if (f > 2) /* f should always be 0, but... */
(void) close(f);
setup_term(0);
- if (strchr(lusername, '-')) {
+ if (lusername == '-') {
syslog(LOG_ERR, "tried to pass user \"%s\" to login",
lusername);
fatal(STDERR_FILENO, "invalid user", 0);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610301956.UAA09626>