On Mon, Aug 18, 2014 at 2:37 PM, Denys Vlasenko <vda.li...@googlemail.com> wrote:
> On Mon, Aug 18, 2014 at 3:17 PM, Laszlo Papp <lp...@kde.org> wrote: > >> > Denys, this fix was sent two weeks ago? Why have you not applied it > >> > until > >> > there is a better fix (if any)? This is still broken and results a > >> > system > >> > with potential stray users around. > >> > >> I'm having bad feelings about the fix along the lines of > >> > >> -#define PWD_BUFFER_SIZE 256 > >> -#define GRP_BUFFER_SIZE 256 > >> +#define PWD_BUFFER_SIZE 2*LOGIN_NAME_MAX+256 > >> +#define GRP_BUFFER_SIZE 2*LOGIN_NAME_MAX+256 > >> > >> I fear that people (situations) strange enough to use names as long as > >> > >> > fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff > >> can easily use names thrice as long. > > > > > > I do not follow. It is also completely inline with the desktop practice > that > > has existed for several decades now... > > > >> > >> From the API perspective, xmalloc_getpwnam(username) would be ideal. > >> But it would require significant rework. > > > > > > Exactly my point. I would be unhappy to keep patching my busybox locally > > just because stray users can stay around on my system with the latest > > busybox. My stance is usually applying changes that fix issues until > there > > are better approaches. Currently, I am not funded by anyone to work on > this > > "nice design" in full-time and I did provide a quick fix for the issue at > > hand. > > How sure are you that a buffer of 3*256 is big enough? > It is big enough for the passwd file itself. The group file is another issue... (luckily not affecting us).
_______________________________________________ busybox mailing list busybox@busybox.net http://lists.busybox.net/mailman/listinfo/busybox