[ On Friday, September 17, 1999 at 10:12:57 (-0500), eric@cirr.com wrote: ]
> Subject: bin/8428: uucpd truncates login names at 8 characters
>
> 	uucpd truncates login names at 8 characters causing uucp users
> 	with longer login names to be denied access.

Yes, it has always done that.

> 	(as I recall, either 1.3 or 1.4 of NetBSD raised the length on
> 	user names above 8 characters.)

Not that I've seen (not where it really matters UT_NAMESIZE == 8 &&
L_cuserid == 9), but FreeBSD has done this.

> >Fix:
> 	[ the following fix is in service on uucp.cirr.com]
> 	--- uucpd.c~	Fri Sep 17 09:57:44 1999
> 	+++ uucpd.c	Fri Sep 17 09:56:31 1999
> 	@@ -159,8 +159,7 @@
> 				return;
> 			}
> 		} while (user[0] == '\0');
> 	-	/* truncate username to 8 characters */
> 	-	user[8] = '\0';
> 	+
> 		pw = getpwnam(user);
> 		if (pw == NULL || (pw->pw_passwd && *pw->pw_passwd != '\0')) {
> 			printf("Password: ");

Did you check through the rest of the code to see if there are any
possible bugs opened up by allowing the "user" full control over the
size and content of the username?

-- 
							Greg A. Woods

+1 416 218-0098      VE3TCP      <gwoods@acm.org>      <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>