Bugtraq mailing list archives

Re: vixie cron possible local root compromise


From: "Juergen P. Meier" <jpm () class de>
Date: Thu, 15 Feb 2001 13:51:22 +0100

On Wed, Feb 14, 2001 at 11:34:02AM -0500, Valdis Kletnieks wrote:
Of course, what's important isn't what wtmpx.h defines it as, but what pwd.h
has to say about it.  If getpwent() won't handle it, your wtmp format doesn't
matter...

Note also that some systems have utmpx.h not wtmpx.h

If anyone can find any system that reports less than 32, it will be an exception
of the rule. Of course I mean current systems. libc5 systems, AIX 3.2 and old
systems like that will probably return 16 or even 8.

AIX 4.3.3 and AIX 5.0 both limit it to 8 in utmpx.h

Solaris 5.7 has a 32-char limit in wtmp, but has this in 'man useradd':

Years of wrestling a big NIS+ cluster with Sun and Linux systems
taught me that one should _never_ ever completely trust anything that's just
written in the manual (pages) - it's always better to check with the
source (or at least the headers) - and check portability before anything
else ;)

Btw, the file-db routines in the Solaris libs (in Solaris 2.4 through 2.6,
don't know what 7 and 8 make of it) do handle login names of up to
32 chars well. It's just that NIS+ is horribly broken when it comes
to long login names (and passwords, btw ;).
One does also run into big problems with all login-type daemons like
ftp, rsh etc.

Just a side note: in /usr/include/limits.h one can find this:

(sol 2.6, 7 and 8)
#define LOGNAME_MAX     8       /* max # of characters in a login name */
/* POSIX.1c conformant */
#define _POSIX_LOGIN_NAME_MAX                   9

That's one reason why I used to include <limits.h> in my programs ;)


Moral of the story:  Not all the world is Linux, and some vendors care
more about backward and cross compatibility than being the latest-and-greatest.

ACK

--
                              Valdis Kletnieks
                              Operating Systems Analyst
                              Virginia Tech


Juergen

--
Juergen P. Meier                        email: jpm () class de
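
The portability point in the message above, as an added example that is not part of the original post or of any project's code: the login-name limit is taken from the host at run time, and a name is rejected instead of being truncated or overflowing a fixed buffer. The function names `login_name_limit` and `copy_login_name` are hypothetical; a 9-byte buffer in the caller would mirror the `LOGNAME_MAX 8` header excerpt quoted above.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>
#include <unistd.h>

/* Fallback if the header does not expose it: the POSIX minimum,
 * 9 bytes including the terminating NUL (as in the excerpt above). */
#ifndef _POSIX_LOGIN_NAME_MAX
#define _POSIX_LOGIN_NAME_MAX 9
#endif

/* Largest login name (bytes, including NUL) this host claims to support.
 * Hypothetical helper: prefers the run-time value over compile-time macros. */
long login_name_limit(void)
{
#ifdef _SC_LOGIN_NAME_MAX
    long n = sysconf(_SC_LOGIN_NAME_MAX);
    if (n > 0)
        return n;
#endif
#ifdef LOGIN_NAME_MAX
    return LOGIN_NAME_MAX;
#else
    return _POSIX_LOGIN_NAME_MAX;
#endif
}

/* Copy a login name into a fixed buffer. Returns 0 on success, -1 if the
 * name is empty or does not fit both the buffer and the host limit.
 * On failure dst is left untouched. */
int copy_login_name(char *dst, size_t dstsz, const char *src)
{
    size_t limit = (size_t)login_name_limit();
    size_t cap = dstsz < limit ? dstsz : limit;
    const char *end;

    if (dst == NULL || src == NULL || cap == 0)
        return -1;
    end = memchr(src, '\0', cap);   /* looks at no more than cap bytes */
    if (end == NULL || end == src)  /* too long for cap, or empty */
        return -1;
    memcpy(dst, src, (size_t)(end - src) + 1);
    return 0;
}
```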

