Subject: Re: bin/8428: uucpd truncates login names at 8 characters
To: Eric Schnoebelen <eric@cirr.com>
From: Greg A. Woods <woods@most.weird.com>
List: netbsd-bugs
Date: 09/24/1999 13:22:58
[ On Friday, September 24, 1999 at 10:28:29 (-0500), Eric Schnoebelen wrote: ]
> Subject: Re: bin/8428: uucpd truncates login names at 8 characters
>
> user[] shouldbe truncated to MAXLOGNAME to keep
> setlogin() happy, and I've incorporated that into a new patch
> below. I've also forced user[] to be null terminated after
> leaving readline(), in case someone attempts a buffer overflow
> by sending more than 64 characters (sizeof user).
Argh! I'd forgotten that the BSD kernel also needs to know this info
(and worse that some applications treat the result of getlogin() as
authoritative!).
I'd like to propose the following patch too as a result. It really
annoys me that various parts of the system pay attention to different
substrings in the user name, especially where authorisation and
accounting information is concerned.
Of course ultimately a more easily extensible utmp file format needs to
be defined, along with consolidation of the definition of the user-name
maximum length to a common location (such as perhaps <sys/syslimits.h>)
where it can be used to define things like UT_NAMESIZE, L_cuserid, etc.
I don't think it's necessary for the getpw family of functions to
implement any limits though, especially since the data structure they
use defines none, and especially if they are enhanced to be SysVr4
compatible with a fgetpwent() function (and better yet a setpwname()
function ala utmpxname() too!).
Index: src/include/utmp.h
===================================================================
RCS file: /cvs/NetBSD/src/include/utmp.h,v
retrieving revision 1.1.1.1
diff -c -c -r1.1.1.1 src/include/utmp.h
*** src/include/utmp.h 1998/02/20 00:30:43 1.1.1.1
--- src/include/utmp.h 1999/09/24 17:02:04
***************
*** 47,53 ****
#define _PATH_WTMP "/var/log/wtmp"
#define _PATH_LASTLOG "/var/log/lastlog"
! #define UT_NAMESIZE 8
#define UT_LINESIZE 8
#define UT_HOSTSIZE 16
--- 47,53 ----
#define _PATH_WTMP "/var/log/wtmp"
#define _PATH_LASTLOG "/var/log/lastlog"
! #define UT_NAMESIZE 8 /* must be == MAXLOGNAME (see <sys/param.h>) */
#define UT_LINESIZE 8
#define UT_HOSTSIZE 16
Index: src/sys/sys/param.h
===================================================================
RCS file: /cvs/NetBSD/src/sys/sys/param.h,v
retrieving revision 1.1.1.4
diff -c -c -r1.1.1.4 src/sys/sys/param.h
*** src/sys/sys/param.h 1998/11/16 21:35:32 1.1.1.4
--- src/sys/sys/param.h 1999/09/24 17:02:47
***************
*** 88,100 ****
* Redefined constants are from POSIX 1003.1 limits file.
*
* MAXCOMLEN should be >= sizeof(ac_comm) (see <acct.h>)
! * MAXLOGNAME should be >= UT_NAMESIZE (see <utmp.h>)
*/
#include <sys/syslimits.h>
#define MAXCOMLEN 16 /* max command name remembered */
#define MAXINTERP 64 /* max interpreter file name length */
! #define MAXLOGNAME 16 /* max login name length */
#define NCARGS ARG_MAX /* max bytes for an exec function */
#define NGROUPS NGROUPS_MAX /* max number groups */
#define NOFILE OPEN_MAX /* max open files per process */
--- 88,100 ----
* Redefined constants are from POSIX 1003.1 limits file.
*
* MAXCOMLEN should be >= sizeof(ac_comm) (see <acct.h>)
! * MAXLOGNAME must be == UT_NAMESIZE (see <utmp.h>)
*/
#include <sys/syslimits.h>
#define MAXCOMLEN 16 /* max command name remembered */
#define MAXINTERP 64 /* max interpreter file name length */
! #define MAXLOGNAME 8 /* max login name length */
#define NCARGS ARG_MAX /* max bytes for an exec function */
#define NGROUPS NGROUPS_MAX /* max number groups */
#define NOFILE OPEN_MAX /* max open files per process */
--
Greg A. Woods
+1 416 218-0098 VE3TCP <gwoods@acm.org> <robohack!woods>
Planix, Inc. <woods@planix.com>; Secrets of the Weird <woods@weird.com>