tech-security: max_{login,group}len in /etc/security

Subject: max_{login,group}len in /etc/security
To: None <tech-security@netbsd.org>
From: Jukka Salmi <jukka-netbsd@2004.salmi.ch>
List: tech-security
Date: 04/11/2004 16:24:57

Hi,

what's the reason to set a maximum length for user and group names in
/etc/security (line 29 f. on -current)? I know it can easily be over-
ridden, but I wonder why it should be a security problem to have login
and group names with >8 chars.

TIA, Jukka

-- 
bashian roulette:
$ ((RANDOM%6)) || rm -rf ~