>When crontab has determined the name of the user calling crontab (using >getpwuid()), >the login name is stored in a 20 byte buffer using the strcpy() function >(which does no bounds checking). 'useradd' (the utility used to add users >to the system) >however allows usernames of over 20 characters (32 at most on my distribution). i can see how this is an "issue", but don't you already have to be root to get a user name longer than 20 characters? or are you just assuming that some admins out there will fail to balk at such a strange request? -- |-----< "CODE WARRIOR" >-----| [EMAIL PROTECTED] * "ah! i see you have the internet [EMAIL PROTECTED] (Andrew Brown) that goes *ping*!" [EMAIL PROTECTED] * "information is power -- share the wealth."
- Re: vixie cron possible local root compromis... gabriel rosenkoetter
- Re: vixie cron possible local root comp... Rodrigo Barbosa (aka morcego)
- (CORRECTION) Re: vixie cron possibl... Rodrigo Barbosa (aka morcego)
- Re: vixie cron possible local root ... Valdis Kletnieks
- Re: vixie cron possible local r... Juergen P. Meier
- Re: vixie cron possible local root ... Nelson Brito
- Re: vixie cron possible local root comp... Alan DeKok
- Re: vixie cron possible local root ... gabriel rosenkoetter
- Re: vixie cron possible local r... Robert Bihlmeyer
- Re: vixie cron possible local root compromis... Kris Kennaway
- Re: vixie cron possible local root compromis... Andrew Brown
- Re: vixie cron possible local root comp... Alfred Perlstein
- Re: vixie cron possible local root compromis... Mark van Reijn
- Re: vixie cron possible local root compromis... Wolfgang Wieser
- Re: vixie cron possible local root compromis... Settle, Sean