Re: Buffer Overrun / DOS in /bin/passwd (at least Redhat Linux 4.2)

Theo de Raadt (deraadt@CVS.OPENBSD.ORG)
Fri, 19 Dec 1997 15:08:27 -0700

In OpenBSD, we constrain the password line to be 1023 characters long
(_including_ expansion in the gecos field of all cases of '&' ->
username).

Perhaps this strict constraint isn't the perfect solution to the
problem, but it sure has stopped a few root holes. One day we'll
rewrite it better: allow longer lengths, but check in lots of places.
(However a current benefit of this scheme is that the 1023 character
constraint also helps for the YP server case).

This solution saved us from the sendmail overflow in buildfname().
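
The check described in the message above, sketched as an added example; this is not part of the original post and is not OpenBSD's code. The function names, the `PW_BAD` sentinel and the `gecos_idx` parameter are assumptions made for illustration; only the 1023-character limit and the '&' -> username expansion come from the post.

```c
#include <stdio.h>
#include <string.h>

#define PW_LINE_MAX 1023          /* limit stated in the post */
#define PW_BAD ((size_t)-1)       /* malformed, or over the raw limit */

/*
 * Length of a colon-separated passwd line after each '&' in the gecos
 * field is replaced by the login name (field 0). gecos_idx is the 0-based
 * index of the gecos field (assumed: 4 in the 7-field passwd(5) layout).
 */
size_t pw_expanded_len(const char *line, int gecos_idx)
{
    size_t rawlen = strlen(line);
    size_t namelen = strcspn(line, ":");
    size_t amps = 0;
    const char *p = line;
    int i;

    /* Reject on raw length first; this also bounds amps * namelen. */
    if (rawlen > PW_LINE_MAX)
        return PW_BAD;
    for (i = 0; i < gecos_idx; i++) {
        p = strchr(p, ':');
        if (p == NULL)
            return PW_BAD;        /* too few fields */
        p++;
    }
    for (; *p != '\0' && *p != ':'; p++)
        if (*p == '&')
            amps++;
    /* Each '&' is one byte that becomes namelen bytes. */
    return rawlen - amps + amps * namelen;
}

/* 1 if the line fits the limit after expansion, 0 otherwise. */
int pw_line_ok(const char *line, int gecos_idx)
{
    size_t n = pw_expanded_len(line, gecos_idx);
    return n != PW_BAD && n <= PW_LINE_MAX;
}

int main(void)
{
    /* Constructed sample entry, not taken from any real system. */
    const char *sample = "bob:x:100:100:& Smith:/home/bob:/bin/sh";
    printf("expanded=%zu ok=%d\n", pw_expanded_len(sample, 4),
        pw_line_ok(sample, 4));
    return 0;
}
```

A line can pass a raw length check and still fail this one: a 20-character login name with 100 '&' characters in gecos is 137 bytes on disk but 2037 bytes once expanded.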