Bugtraq mailing list archives

Re: Buffer Overrun / DOS in /bin/passwd (at least Redhat Linux


From: deraadt () CVS OPENBSD ORG (Theo de Raadt)
Date: Fri, 19 Dec 1997 15:08:27 -0700


In OpenBSD, we constrain the password line to be 1023 characters long
(_including_ expansion in the gecos field of all cases of '&' ->
username).

Perhaps this strict constraint isn't the perfect solution to the
problem, but it sure has stopped a few root holes.  One day we'll
rewrite it better: allow longer lengths, but check in lots of places.
(However a current benefit of this scheme is that the 1023 character
constraint also helps for the YP server case).


This solution saved us from the sendmail overflow in buildfname().
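The check described in the message above, measured on the expanded line rather than the raw one, could look like the following. This is an added example, not part of the original post and not OpenBSD's code; the function names, the 7-field passwd(5) layout, and the sample line are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PW_LINE_MAX 1023   /* limit stated in the post */
#define GECOS_FIELD 4      /* assumption: 7-field passwd(5) layout */

/* Length of one passwd line after each '&' in the gecos field is replaced
 * by the username. Returns (size_t)-1 for a line with no ':' and saturates
 * at PW_LINE_MAX + 1 so the running total cannot wrap. */
size_t expanded_pw_len(const char *line)
{
    const char *colon = strchr(line, ':');
    size_t namelen, total = 0;
    int field = 0;
    if (colon == NULL)
        return (size_t)-1;
    namelen = (size_t)(colon - line);
    for (const char *p = line; *p != '\0' && *p != '\n'; p++) {
        if (*p == ':')
            field++;
        total += (field == GECOS_FIELD && *p == '&') ? namelen : 1;
        if (total > PW_LINE_MAX)
            return PW_LINE_MAX + 1;
    }
    return total;
}

/* Accept a line only if its expanded form fits the limit. */
int pw_line_ok(const char *line)
{
    size_t n = expanded_pw_len(line);
    return n != (size_t)-1 && n <= PW_LINE_MAX;
}

/* Constructed sample: 141 raw bytes, 100-char username, twelve '&'. */
const char *sample_line(void)
{
    static char buf[256];
    memset(buf, 'a', 100);
    strcpy(buf + 100, ":x:1000:1000:&&&&&&&&&&&&:/home/a:/bin/sh");
    return buf;
}

int main(void)
{
    printf("raw=%zu ok=%d\n", strlen(sample_line()), pw_line_ok(sample_line()));
    return 0;
}
```

The sample line is only 141 bytes on disk, so a check on the raw length would accept it; it is rejected because the expanded form exceeds 1023 characters.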


