Bugtraq mailing list archives
Re: vixie cron possible local root compromise
From: "Settle, Sean" <SeanSettle () ALLIANTFS COM>
Date: Wed, 14 Feb 2001 17:42:36 -0700
% uname -smr; man passwd FreeBSD 4.2-RELEASE i386 RESTRICTIONS username Login name. May contain only lowercase characters or digits. Maximum length is 16 characters (see setlogin(2) BUGS section). The reasons for this limit are "Historical". Given that people have traditionally wanted to break this limit for aesthetic rea- sons, it's never been of great importance to break such a basic fundamental parameter in UNIX. You can change UT_NAMESIZE in /usr/include/utmp.h and recompile the world; people have done this and it works, but you will have problems with any precom- piled programs, or source that assumes the 8-character name limit and NIS. The NIS protocol mandates an 8-character username. If you need a longer login name for e-mail addresses, you can define an alias in /etc/mail/aliases. On HP-UX I couldn't find this information in passwd or useradd. I took a peek at 'man utmp' and found this, but it's probably not the final word on the subject: struct utmp { char ut_user[8]; /* User login name */ char ut_id[4]; /* /etc/inittab id(usually line#)*/ char ut_line[12] /* device name (console, lnxx) */ pid_t ut_pid; /* process id */ Sean Settle "To sin by silence when we should protest makes cowards out of men" - Ella Wheeler Wilcox X Network Services Q NPC X Phoenix, AZ SMTP: seansettle () alliantfs com -----Original Message----- From: Valdis Kletnieks [mailto:Valdis.Kletnieks () VT EDU] Sent: Wednesday, February 14, 2001 9:34 AM To: BUGTRAQ () SECURITYFOCUS COM Subject: Re: vixie cron possible local root compromise On Tue, 13 Feb 2001 22:27:14 -0200, "Rodrigo Barbosa (aka morcego)" <rodrigob () CONECTIVA COM BR> said:
#include <wtmpx.h> main () { printf("%d\n",__UT_NAMESIZE); }
Of course, what's important isn't what wtmpx.h defines it as, but what pwd.h has to say about it. If getpwent() won't handle it, your wtmp format doesn't matter... Note also that some systems have utmpx.h not wtmpx.h
If anyone can find any system that reports less then 32, it will be an
exce=
ption of the rule. Of course I mean current systems. libc5 systems, AIX 3.2 and
o=
ld systems like that will probably return 16 or even 8.
AIX 4.3.3 and AIX 5.0 both limit it to 8 in utmpx.h Solaris 5.7 has a 32-char limit in wtmp, but has this in 'man useradd': The login field (login ) is a string no more than eight bytes consisting of characters from the set of alphabetic characters, numeric characters, period (.), underscore (_), and hypen (-). The first character should be alpha- betic and the field should contain at least one lower case alphabetic character. A warning message will be written if these restrictions are not met. A future Solaris release may refuse to accept login fields that do not meet these requirements. The login field must contain at least one character and must not contain a colon (:) or a newline (\n). SGI 6.5.10f has a 32-char limit in utmpx.h, but 'man 4 passwd' says this: name User's login name -- consists of alphanumeric characters and must not be greater than eight characters long. It is recommended that the login name consist of a leading lower case letter followed by a combination of digits and lower case letters for greatest portability across multiple versions of the UNIX operating system. This recommendation can be safely ignored for users local to IRIX systems. The pwck(1M) command checks for the greatest possible portability on names, and complains about user names that do not cause problems on IRIX. I'll let somebody else check Tru64 and HP/UX, I don't have access to them at the moment. Moral of the story: Not all the world is Linux, and some vendors care more about backward and cross compatability than being the latest-and-greatest. -- Valdis Kletnieks Operating Systems Analyst Virginia Tech
Current thread:
- Re: vixie cron possible local root compromise, (continued)
- Re: vixie cron possible local root compromise Juergen P. Meier (Feb 15)
- Re: vixie cron possible local root compromise Nelson Brito (Feb 15)
- Re: vixie cron possible local root compromise Alan DeKok (Feb 13)
- Re: vixie cron possible local root compromise gabriel rosenkoetter (Feb 13)
- Re: vixie cron possible local root compromise Robert Bihlmeyer (Feb 15)
- Re: vixie cron possible local root compromise Kris Kennaway (Feb 13)
- Re: vixie cron possible local root compromise Andrew Brown (Feb 13)
- Re: vixie cron possible local root compromise Alfred Perlstein (Feb 13)
- Re: vixie cron possible local root compromise Mark van Reijn (Feb 12)
- Re: vixie cron possible local root compromise Wolfgang Wieser (Feb 15)
- Re: vixie cron possible local root compromise Settle, Sean (Feb 15)