On Sun, Feb 11, 2001 at 12:38:02AM +0100, Flatline wrote:
> When crontab has determined the name of the user calling crontab (using
> getpwuid()), the login name is stored in a 20 byte buffer using the
> strcpy() function (which does no bounds checking). 'useradd' (the utility
> used to add users to the system) however allows usernames of over 20
> characters (32 at most on my distribution).
>
> Therefore, running crontab as a user whose login name exceeds 20 characters
> crashes it.
Then your useradd is broken and doing improper bounds checking.
I'm not sure why Vixie chose 20 characters, but it should be enough,
since usernames longer than 8 characters should not be expected to
behave properly. (The system won't know they're unique.) This is a
POSIX thing, last I heard.
~ g r @ eclipsed.net
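
The length check this thread is about, as an added example that is not part of either message and is not Vixie cron's code: the login name from getpwuid() is copied only if it fits, and an over-long name is rejected rather than truncated. `LOGIN_BUF_SIZE`, `copy_login_name` and `caller_login_name` are hypothetical names; the size 20 is taken from the buffer described in the quoted post.

```c
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Assumption: mirrors the 20-byte buffer described in the quoted post. */
#define LOGIN_BUF_SIZE 20

/* Pattern described in the post, kept as a comment only:
 *     char user[20];
 *     strcpy(user, pw->pw_name);   // length of pw_name never checked
 */

/* Copy src into dst only if it fits, terminator included.
 * Returns 0 on success, -1 otherwise (dst is left empty when possible).
 * Over-long names are refused, not cut: a truncated login name could
 * match a different account. */
int copy_login_name(char *dst, size_t dstsize, const char *src)
{
    if (dst == NULL || dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (src == NULL)
        return -1;
    size_t len = strlen(src);
    if (len >= dstsize)          /* no room for the NUL byte */
        return -1;
    memcpy(dst, src, len + 1);
    return 0;
}

/* Resolve the calling user's login name into a fixed-size buffer. */
int caller_login_name(char *dst, size_t dstsize)
{
    struct passwd *pw = getpwuid(getuid());
    if (pw == NULL)
        return -1;
    return copy_login_name(dst, dstsize, pw->pw_name);
}

int main(void)
{
    char user[LOGIN_BUF_SIZE];
    if (caller_login_name(user, sizeof user) != 0) {
        fprintf(stderr, "login name missing or longer than %d bytes\n", LOGIN_BUF_SIZE - 1);
        return 1;
    }
    puts(user);
    return 0;
}
```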
