Date: Wed, 30 Oct 1996 14:35:19 -0600 (CST)
From: john@starfire.mn.org
To: guido@gvr.win.tue.nl (Guido van Rooij)
Cc: hackers@FreeBSD.ORG
Subject: Re: rlogind user name restrictions
Message-ID: <199610302035.OAA03828@starfire.mn.org>
In-Reply-To: <199610301956.UAA09626@gvr.win.tue.nl> from "Guido van Rooij" at Oct 30, 96 08:56:19 pm
Guido van Rooij wrote: > > john@starfire.mn.org wrote: > > I understand the restriction on not passing a "username" to login that > > STARTS with '-', but I do not understand the restriction on it anywhere > > in the "lusername" string. Would any BAD THINGS happen if I relaxed > > the restriction to only check for the first character? > > > > The thing is, we have a user "star-net"... > > Yes you are right. > This has long been fixed in current. Great! Thanks. > Here is the patch: Well, I was about to say that it looks exactly like mine, only IT DOESN'T! Here's why... > --- /usr/src/libexec/rlogind/rlogind.c Sun Jun 23 15:07:44 1996 > +++ /tmp/rlogind.c Wed Oct 30 20:55:23 1996 > @@ -293,7 +293,7 @@ > if (f > 2) /* f should always be 0, but... */ > (void) close(f); > setup_term(0); > - if (strchr(lusername, '-')) { > + if (lusername == '-') { ^^^^^^^^^ Shouldn't this be "*lusername" or "lusername[0]"????????? Unless this is simply a typo, the security we once had on this matter is toast, since that pointer is never going to be equal to '-'... Even doing this, has it been checked that there are no throw-away characters that login might skip over that would make the corrected test ineffectual? I'm not that totally familiar with the internal operation of "getopt" that I could speak authoritatively to this issue, which is why I didn't submit my diffs in the first place. That was what I meant by "BAD THINGS". > syslog(LOG_ERR, "tried to pass user \"%s\" to login", > lusername); > fatal(STDERR_FILENO, "invalid user", 0); John Lind, Starfire Consulting Services E-mail: john@starfire.MN.ORG USnail: PO Box 17247, Mpls MN 55417
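Review bot: on the added line, "if (lusername == '-') {" compares the string pointer itself with a character constant, so the condition cannot be true for a valid user name pointer and the syslog()/fatal() branch under it never runs; the strchr() test it replaces did reject such names. Test the first character instead, "if (lusername[0] == '-') {" (or "*lusername"), which still admits a name like "star-net" while refusing one that begins with '-'. A one-line comment above the check, saying that the name is passed on to login and a leading '-' would be taken as an option, would make the intent clear to whoever touches this next.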