Subject: Re: misc/2668: login-names >8 chars make no fun
To: der Mouse <mouse@Holo.Rodents.Montreal.QC.CA>
From: Charles M. Hannum <>
List: current-users
Date: 08/30/1996 16:43:54
der Mouse <mouse@Holo.Rodents.Montreal.QC.CA> writes:

> Evangelical points of view aside, though, it does seem to me that if
> you're going to break binary compatability anyway, you should do so in
> an extensible way: redefine the file format so that it includes all
> these lengths in the file, so that when someone wants usernames longer
> than 16, or whatever, we don't have this situation happening again.

I presume you're implying that software should check what sizes the
file is using and DTRT.  That would be nice, but what do you do about
the in-core format?  And how do you inform the applications what the
sizes are?

There's a lot of code in the world, including much of our own, that
uses sizeof(ut_name) and/or UT_NAMESIZE, etc.  What do you do about
them?  Pick some large in-core size, and always truncate in the
library?  Anything else is going to break source compatibility.

(Although I can see significant justification for breaking source
compatibility in some ways...)

On a related topic, Solaris uses a setuid program to manipulate utmp
and wtmp, I presume in the theory that this means other pieces of code
that use it do *not* need to be setuid.  Unfortunately, for this to
work, it has to be able to tell whether you really own the tty.
STREAMS clone devices deal with this nicely...