Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 4 Sep 2016 01:43:49 +0000
From:      Ed Maste <emaste@freebsd.org>
To:        Garrett Wollman <wollman@bimajority.org>
Cc:        Damian Weber <dweber@htwsaar.de>, freebsd-security@freebsd.org
Subject:   Re: edit others user crontab, security bug
Message-ID:  <CAPyFy2CNUdJUR7vYqGh=3jdudc9ERnAftYw2RoqN1xQXGThhEw@mail.gmail.com>
In-Reply-To: <22474.13802.335507.240401@hergotha.csail.mit.edu>
References:  <CA%2Bf9Cbu8q2KngxgAmZ8BrKYyYC5okDcMAs4nd=SJS6YpBMRJcQ@mail.gmail.com> <1472737438.3589865.712736753.5CFBB0DC@webmail.messagingengine.com> <alpine.BSF.2.20.1609011847040.21761@isl-dw.htwsaar.de> <22474.13802.335507.240401@hergotha.csail.mit.edu>

next in thread | previous in thread | raw e-mail | index | archive | help
On 3 September 2016 at 02:31, Garrett Wollman <wollman@bimajority.org> wrote:
>
> I see now that this was fixed by emaste@ yesterday (r305269).  I'm a
> bit disappointed that it was done using MAXLOGNAME, but looking at the
> way it's used in the code, fixing it to use the proper POSIX parameter
> {LOGIN_NAME_MAX} would require significant restructuring, ...

Yep, as I mentioned in the code review for my change I agree cron
warrants a deeper investigation and refactoring, but I wanted to get
the immediate issue fixed as soon as possible.

-Ed



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2CNUdJUR7vYqGh=3jdudc9ERnAftYw2RoqN1xQXGThhEw>