From: Joe Greco
Message-Id: <199610302025.OAA26464@brasil.moneng.mei.com>
Subject: Re: rlogind user name restrictions
To: guido@gvr.win.tue.nl (Guido van Rooij)
Date: Wed, 30 Oct 1996 14:25:25 -0600 (CST)
Cc: john@starfire.mn.org, hackers@freebsd.org
In-Reply-To: <199610301956.UAA09626@gvr.win.tue.nl> from "Guido van Rooij" at Oct 30, 96 08:56:19 pm

> john@starfire.mn.org wrote:
> > I understand the restriction on not passing a "username" to login that
> > STARTS with '-', but I do not understand the restriction on it anywhere
> > in the "lusername" string. Would any BAD THINGS happen if I relaxed
> > the restriction to only check for the first character?
> >
> > The thing is, we have a user "star-net"...
> >
>
> Yes you are right.
> This has long been fixed in current.
>
> -Guido
>
> Here is the patch:
>
> --- /usr/src/libexec/rlogind/rlogind.c Sun Jun 23 15:07:44 1996 > +++ /tmp/rlogind.c Wed Oct 30 20:55:23 1996 > @@ -293,7 +293,7 @@ > if (f > 2) /* f should always be 0, but... */ > (void) close(f); > setup_term(0); > - if (strchr(lusername, '-')) { > + if (lusername == '-') { > syslog(LOG_ERR, "tried to pass user \"%s\" to login", > lusername); > fatal(STDERR_FILENO, "invalid user", 0);

Try again? How about "*lusername"... :-)

... JG
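
Review bot: The replacement test on the `+` line, `if (lusername == '-')`, compares the pointer `lusername` with the character constant `'-'` rather than the first character of the string, so the condition is effectively never true and the guard that keeps a name starting with `-` from being passed to login no longer fires at all. Dereference it, `if (*lusername == '-') {` (or `lusername[0] == '-'`), which keeps the leading-dash rejection while accepting names such as "star-net" that contain a dash elsewhere.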