Date: Sun, 4 Sep 2016 01:43:49 +0000 From: Ed Maste <emaste@freebsd.org> To: Garrett Wollman <wollman@bimajority.org> Cc: Damian Weber <dweber@htwsaar.de>, freebsd-security@freebsd.org Subject: Re: edit others user crontab, security bug Message-ID: <CAPyFy2CNUdJUR7vYqGh=3jdudc9ERnAftYw2RoqN1xQXGThhEw@mail.gmail.com> In-Reply-To: <22474.13802.335507.240401@hergotha.csail.mit.edu> References: <CA%2Bf9Cbu8q2KngxgAmZ8BrKYyYC5okDcMAs4nd=SJS6YpBMRJcQ@mail.gmail.com> <1472737438.3589865.712736753.5CFBB0DC@webmail.messagingengine.com> <alpine.BSF.2.20.1609011847040.21761@isl-dw.htwsaar.de> <22474.13802.335507.240401@hergotha.csail.mit.edu>
next in thread | previous in thread | raw e-mail | index | archive | help
On 3 September 2016 at 02:31, Garrett Wollman <wollman@bimajority.org> wrote:
>
> I see now that this was fixed by emaste@ yesterday (r305269). I'm a
> bit disappointed that it was done using MAXLOGNAME, but looking at the
> way it's used in the code, fixing it to use the proper POSIX parameter
> {LOGIN_NAME_MAX} would require significant restructuring, ...
Yep, as I mentioned in the code review for my change I agree cron
warrants a deeper investigation and refactoring, but I wanted to get
the immediate issue fixed as soon as possible.
-Ed
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAPyFy2CNUdJUR7vYqGh=3jdudc9ERnAftYw2RoqN1xQXGThhEw>