From owner-freebsd-bugs@FreeBSD.ORG Fri Aug 12 17:00:23 2011
Message-Id: <201108121653.p7CGr4Oo045140@red.freebsd.org>
Date: Fri, 12 Aug 2011 16:53:04 GMT
From: Robert Auch
To: freebsd-gnats-submit@FreeBSD.org
Subject: misc/159721: Usernames that are too long get logged onto GUI console as root

>Number: 159721
>Category: misc
>Synopsis: Usernames that are too long get logged onto GUI console as root
>Confidential: no
>Severity: critical
>Priority: high
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Fri Aug 12 17:00:22 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Robert Auch
>Release: 8.1
>Organization: BeyondTrust Software
>Environment:
>Description:
A user with a logon name longer than 8 characters gets logged into FreeBSD as "root" after successful authentication as themselves, when logging in through GDM. This problem cannot be replicated in GDM on Linux, and appears to be related to the 8 character username limit in FreeBSD.

[root@freebsd81-64 /usr/home/LAMPI/localuser10]# su LAMPI\\localuser10
su: username too long

Any users coming from BeyondTrust PBIS or Likewise Open or NIS or LDAP who have usernames longer than 8 characters get blocked logging in via ssh or su, but when authenticating via GDM, they are dropped into the OS as "root" with $EUID=0 and $UID=0.

[root@freebsd81-64 /usr/home/LAMPI/localuser10]# id lampi\\localuser10
uid=239600760(LAMPI\localuser10) gid=239600129(LAMPI\domain^users) groups=239600129(LAMPI\domain^users),1545(BUILTIN\Users)

>How-To-Repeat:
Create a user in a shared authentication engine with length($user) > 8. Make sure that the user shows up in NSS via "id". Then log in via GDM as the user. Open a terminal and type "id" to see that the user is now "root".
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
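
Added example, not part of the original report and not GDM or FreeBSD code: a fail-closed privilege drop in C for the failure described above, where a session continued as root although su rejected the same login name as too long. NAME_LIMIT (set to the 8 characters the report mentions) and the names name_acceptable and drop_to_user are assumptions made for illustration.

```c
#include <sys/types.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Assumption: the 8-character figure from the report; use the platform's real limit. */
#define NAME_LIMIT 8

enum drop_result { DROP_OK, DROP_BAD_NAME, DROP_NO_SUCH_USER,
                   DROP_SETID_FAILED, DROP_STILL_PRIVILEGED };

/* Reject empty or over-long login names before any identity change is tried. */
int name_acceptable(const char *name)
{
    return name != NULL && name[0] != '\0' && strlen(name) <= NAME_LIMIT;
}

/* Become `name` or say why not; the caller must not start a session on failure. */
enum drop_result drop_to_user(const char *name)
{
    if (!name_acceptable(name)) return DROP_BAD_NAME;
    struct passwd *pw = getpwnam(name);
    if (pw == NULL) return DROP_NO_SUCH_USER;
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;
    /* Supplementary groups can only be reset while still root. */
    if (geteuid() == 0 && initgroups(name, gid) != 0) return DROP_SETID_FAILED;
    /* Group before user; every return value is checked. */
    if (setgid(gid) != 0 || setuid(uid) != 0) return DROP_SETID_FAILED;
    /* Verify the result instead of trusting the calls above. */
    if (getuid() != uid || geteuid() != uid) return DROP_STILL_PRIVILEGED;
    if (uid != 0 && setuid(0) == 0) return DROP_STILL_PRIVILEGED;
    return DROP_OK;
}

int main(int argc, char **argv)
{
    enum drop_result r = drop_to_user(argc > 1 ? argv[1] : "");
    if (r != DROP_OK) {
        fprintf(stderr, "refusing to start session (reason %d)\n", (int)r);
        return 1; /* fail closed: no shell, no desktop, nothing runs as root */
    }
    printf("session would start as uid %ld\n", (long)getuid());
    return 0;
}
```

Run with the reporter's name (LAMPI\localuser10) it exits 1 without touching the process credentials, which is the behaviour su shows in the report.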