re: max_{login,group}len in /etc/security

From: matthew green (mrgeterna.com.au)
Date: Sun Apr 11 2004 - 19:23:38 CDT


   In message <20040411142457.GA187himo.salmi.ch>, Jukka Salmi writes:
>Hi,
>
>what's the reason to set a maximum length for user and group names in
>/etc/security (line 29 f. on -current)? I know it can easily be over-
>ridden, but I wonder why it should be a security problem to have login
>and group names with >8 chars.
   
   At least for user names, the issue is ambiguity in programs that limit
   the length -- note that utmp.h, for example, limits user names to 8
   characters.
   
   That said, I'd really like it if that would change, but it could
   break backwards binary compatibility in a major way. (A quick grep
   shows about 40 files in /usr/src that include utmp.h -- and I didn't
   even try to look at pkgsrc.)

how many of those also include utmpx.h? (and use it properly)

.mrg.
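
The truncation ambiguity described in the reply above, as an added example that is not part of the original thread or of NetBSD's /etc/security script: it stores login names in a fixed 8-character field, as the thread says utmp.h does, and reports which names no longer fit and which pairs become indistinguishable. The sample names, `NAME_FIELD` and all function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Width of the user-name field in the old utmp record, per the thread. */
#define NAME_FIELD 8

/* Constructed sample login names (not from any real system). */
static const char *const SAMPLE[] = {
    "root", "webadmin1", "webadmin2", "operator", "operator2", "jsalmi"
};
#define SAMPLE_N ((int)(sizeof SAMPLE / sizeof SAMPLE[0]))

/* Store a name as a fixed-width record does: NUL-padded, cut at NAME_FIELD. */
static void store_name(char field[NAME_FIELD], const char *login) {
    size_t len = strlen(login);
    memset(field, 0, NAME_FIELD);
    memcpy(field, login, len < NAME_FIELD ? len : NAME_FIELD);
}

/* 1 if two distinct logins are indistinguishable once stored. */
int names_collide(const char *a, const char *b) {
    char fa[NAME_FIELD], fb[NAME_FIELD];
    store_name(fa, a);
    store_name(fb, b);
    return strcmp(a, b) != 0 && memcmp(fa, fb, NAME_FIELD) == 0;
}

/* Number of names that do not fit the field. */
int count_too_long(const char *const *names, int n) {
    int i, hits = 0;
    for (i = 0; i < n; i++)
        if (strlen(names[i]) > NAME_FIELD) hits++;
    return hits;
}

/* Number of unordered pairs that collide after truncation. */
int count_collisions(const char *const *names, int n) {
    int i, j, hits = 0;
    for (i = 0; i < n; i++)
        for (j = i + 1; j < n; j++)
            if (names_collide(names[i], names[j])) hits++;
    return hits;
}

int main(void) {
    printf("too long: %d, colliding pairs: %d\n",
           count_too_long(SAMPLE, SAMPLE_N), count_collisions(SAMPLE, SAMPLE_N));
    return 0;
}
```

Note that `operator` and `operator2` collide even though only one of them exceeds the limit, so a length check alone on new accounts does not catch every ambiguous pair.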