Date: Wed, 30 Oct 1996 14:25:25 -0600 (CST) From: Joe Greco <jgreco@brasil.moneng.mei.com> To: guido@gvr.win.tue.nl (Guido van Rooij) Cc: john@starfire.mn.org, hackers@freebsd.org Subject: Re: rlogind user name restrictions Message-ID: <199610302025.OAA26464@brasil.moneng.mei.com> In-Reply-To: <199610301956.UAA09626@gvr.win.tue.nl> from "Guido van Rooij" at Oct 30, 96 08:56:19 pm
next in thread | previous in thread | raw e-mail | index | archive | help
> john@starfire.mn.org wrote: > > I understand the restriction on not passing a "username" to login that > > STARTS with '-', but I do not understand the restriction on it anywhere > > in the "lusername" string. Would any BAD THINGS happen if I relaxed > > the restriction to only check for the first character? > > > > The thing is, we have a user "star-net"... > > > > Yes you are right. > This has long been fixed in current. > > -Guido > > Here is the patch: > > --- /usr/src/libexec/rlogind/rlogind.c Sun Jun 23 15:07:44 1996 > +++ /tmp/rlogind.c Wed Oct 30 20:55:23 1996 > @@ -293,7 +293,7 @@ > if (f > 2) /* f should always be 0, but... */ > (void) close(f); > setup_term(0); > - if (strchr(lusername, '-')) { > + if (lusername == '-') { > syslog(LOG_ERR, "tried to pass user \"%s\" to login", > lusername); > fatal(STDERR_FILENO, "invalid user", 0); Try again? How about "*lusername"... :-) ... JG
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610302025.OAA26464>