minor robustness problem in at(1)

From: Anders Thulin <ath(at)algonet.se>
Date: Sat Jan 25 2003 - 15:21:42 EST


... seems my sendmail setup isn't up to do sendbug yet -- hope this is OK ...

   This is on OpenBSD 3.2 stable.

   In /usr/src/usr.bin/at/perm.c, the tests against at.allow and at.deny for permission to run at(1) are performed.

   The routine check_for_user() treats empty lines in the files as 'names' to be tested against the user name. If, by some odd combination of effects, getpwent would return an empty user name, and there is an empty line in at.allow (e.g. at the end, as usually happens), permission to run at(1) will be granted. This seems less robust than could be expected.

   The only scenario that seems remotely possible involves duplicate password file entries, with the first one having an empty user name. A bit of clumsiness with vipw seems a possible way of producing that -- and it will probably mess up other things apart from at(1).

   There are some similar scenarios involving user names with only blanks or only non-printable chars. But I can't make my mind up if user ' ' is OK to have around on an OpenBSD system, so I'm not sure if that is a problem or not.

-- 
Anders Thulin     
ath(at)algonet.se     
http://www.algonet.se/~ath
Received on Sat Jan 25 15:22:35 2003
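
The matching behaviour reported above, modelled next to a stricter variant, as an added example that is not part of the original message and is not the code in perm.c. The function names, the in-memory file contents and the sample at.allow are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: an at.allow whose last line is empty. */
static const char SAMPLE_ALLOW[] = "root\noperator\n\n";

/* Compare name against each newline-terminated line of contents.
 * With skip_empty set, zero-length lines are never treated as names. */
static int match_lines(const char *contents, const char *name, int skip_empty)
{
    size_t want = strlen(name);

    while (*contents != '\0') {
        size_t n = strcspn(contents, "\n");   /* length of this line */

        if (n == want && !(skip_empty && n == 0) &&
            memcmp(contents, name, n) == 0)
            return 1;
        contents += n;
        if (*contents == '\n')
            contents++;
    }
    return 0;
}

/* Behaviour described in the report: an empty line counts as a name. */
int listed_naive(const char *contents, const char *name)
{
    return match_lines(contents, name, 0);
}

/* Stricter variant: an empty user name is refused before any file is
 * consulted, and empty lines are skipped. */
int listed_strict(const char *contents, const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    return match_lines(contents, name, 1);
}

int main(void)
{
    printf("naive : \"\" -> %d, root -> %d\n",
           listed_naive(SAMPLE_ALLOW, ""), listed_naive(SAMPLE_ALLOW, "root"));
    printf("strict: \"\" -> %d, root -> %d\n",
           listed_strict(SAMPLE_ALLOW, ""), listed_strict(SAMPLE_ALLOW, "root"));
    return 0;
}
```

The blank-only and non-printable user names mentioned in the message are left out of the stricter variant, since the message does not settle whether they should be allowed.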

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:29:48 EDT

