Bugtraq mailing list archives

Re: vixie cron possible local root compromise


From: gabriel rosenkoetter <gr () ECLIPSED NET>
Date: Tue, 13 Feb 2001 15:56:32 -0500

On Tue, Feb 13, 2001 at 03:54:00PM -0500, Alan DeKok wrote:
> I find this attitude amazing.  You don't understand why other people
> would want to have usernames longer than 8 characters, so you're
> willing to blame *their* systems for security problems when insecure
> applications are executed on those systems.

Perhaps mine was not the most thought-out reply, but people who use
usernames longer than 8 characters should be aware that those
usernames are NOT unique under POSIX, and useradd programs that
allow them are at least *also* broken.

(No question that cron should do better bounds checking; my point
was that that bounds checking should be added out of paranoia, not
out of necessity.)

       ~ g r @ eclipsed.net

