On Tue, Feb 13, 2001 at 03:54:00PM -0500, Alan DeKok wrote:
> I find this attitude amazing. You don't understand why other people
> would want to have usernames longer than 8 characters, so you're
> willing to blame *their* systems for security problems when insecure
> applications are executed on those systems.
Perhaps mine was not the most thought-out reply, but people who use
usernames longer than 8 characters should be aware that those
usernames are NOT unique under POSIX, and useradd programs that
allow them are at least *also* broken.
(No question that cron should do better bounds checking; my point
was that that bounds checking should be added out of paranoia, not
out of necessity.)
~ g r @ eclipsed.net
- Re: vixie cron possible loc... Flavio Veloso
- Re: vixie cron possible local root ... Mate Wierdl
- Re: vixie cron possible local root compromis... Valentin Nechayev
- Re: vixie cron possible local root compromis... gabriel rosenkoetter
- Re: vixie cron possible local root comp... Rodrigo Barbosa (aka morcego)
- (CORRECTION) Re: vixie cron possibl... Rodrigo Barbosa (aka morcego)
- Re: vixie cron possible local root ... Valdis Kletnieks
- Re: vixie cron possible local r... Juergen P. Meier
- Re: vixie cron possible local root ... Nelson Brito
- Re: vixie cron possible local root comp... Alan DeKok
- Re: vixie cron possible local root ... gabriel rosenkoetter
- Re: vixie cron possible local r... Robert Bihlmeyer
- Re: vixie cron possible local root compromis... Kris Kennaway
- Re: vixie cron possible local root compromis... Andrew Brown
- Re: vixie cron possible local root comp... Alfred Perlstein
- Re: vixie cron possible local root compromis... Mark van Reijn
- Re: vixie cron possible local root compromis... Wolfgang Wieser
- Re: vixie cron possible local root compromis... Settle, Sean
