Re: Hurd Login Utility

bug-hurd

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Hurd Login Utility

From:	James Clarke
Subject:	Re: Hurd Login Utility
Date:	Tue, 29 Sep 2015 16:27:14 +0100 (BST)
User-agent:	Alpine 2.20 (OSX 67 2015-01-07)

This seems to be caused by a segfault, so I imagine this is not intended! 
Tracking down the cause...

James

On Tue, 29 Sep 2015, James Clarke wrote:

Whilst looking through the code in utils/login.c, I noticed a security issue. 
Even if --paranoid is set, if you give it a UID that doesn’t exist (login 
treats it as a UID if the first character is a digit, with no fallback to 
treating it as a username), it will exit without prompting for a password (and 
of course prompts for a password if it is a valid UID!). Is this intentional?
I was also thinking that login should prompt for a username if not provided on 
the command line, as with Linux and BSD. This would in fact let us get rid of 
/bin/loginpr (currently we go via bash just to prompt for a username, and then 
exec login, which seems unnecessary). Thoughts?

James

[Prev in Thread]

Current Thread

[Next in Thread]

Hurd Login Utility, James Clarke, 2015/10/04
- Re: Hurd Login Utility, James Clarke <=
  - [PATCH 0/1] Add missing null checks in libshouldbeinlibc, James Clarke, 2015/10/08
  - [PATCH 1/1] Add missing null checks in libshouldbeinlibc, James Clarke, 2015/10/08
    - Re: [PATCH 1/1] Add missing null checks in libshouldbeinlibc, Justus Winter, 2015/10/08

Prev by Date: Hurd Login Utility
Next by Date: [PATCH 0/1] Add missing null checks in libshouldbeinlibc
Previous by thread: Hurd Login Utility
Next by thread: [PATCH 0/1] Add missing null checks in libshouldbeinlibc
Index(es):
- Date
- Thread