Date: Wed, 30 Oct 1996 20:56:19 +0100 (MET) From: Guido van Rooij <guido@gvr.win.tue.nl> To: john@starfire.mn.org Cc: hackers@FreeBSD.ORG Subject: Re: rlogind user name restrictions Message-ID: <199610301956.UAA09626@gvr.win.tue.nl> In-Reply-To: <199610171436.JAA07828@starfire.mn.org> from "john@starfire.mn.org" at "Oct 17, 96 09:36:27 am"
next in thread | previous in thread | raw e-mail | index | archive | help
john@starfire.mn.org wrote: > I understand the restriction on not passing a "username" to login that > STARTS with '-', but I do not understand the restriction on it anywhere > in the "lusername" string. Would any BAD THINGS happen if I relaxed > the restriction to only check for the first character? > > The thing is, we have a user "star-net"... > Yes you are right. This has long been fixed in current. -Guido Here is the patch: --- /usr/src/libexec/rlogind/rlogind.c Sun Jun 23 15:07:44 1996 +++ /tmp/rlogind.c Wed Oct 30 20:55:23 1996 @@ -293,7 +293,7 @@ if (f > 2) /* f should always be 0, but... */ (void) close(f); setup_term(0); - if (strchr(lusername, '-')) { + if (lusername == '-') { syslog(LOG_ERR, "tried to pass user \"%s\" to login", lusername); fatal(STDERR_FILENO, "invalid user", 0);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199610301956.UAA09626>