mailing list archives
Re: Sun CDE 1.0.1: login bug
From: Doug.Hughes () ENG AUBURN EDU (Doug Hughes)
Date: Tue, 29 Jul 1997 08:14:20 -0500
I apologize if my discovery is old news, yet I thought it important
to share and find out if this is being worked on by Sun.
The problem is that CDE (Common Desktop Environment) seems to
accept logins with usernames which have spaces prepended to them.
I am not sure if this is the case with other window managers since
I did not test this with other then CDE.
What you describe doesn't seem to be much different than pre-CDE.
People can login with spaces with xdm on Solaris2 as well, but it's
more of a nuisance here than anything else (because they can't run
mailtool, and filemgr breaks, and other things break.) So far there
have been no associated security risks. The user still has the same
uid. His account is somewhat broken though, which is inconvenient.
We've had to add an entry to our local FAQ about it.
Doug Hughes Engineering Network Services
System/Net Admin Auburn University
doug () eng auburn edu
[linux-security] so-called snprintf() in db-1.85.4 (fwd) Aleph One (Jul 09)
MPE/iX Sec. Vulnerability with ICMP Echo Request (ping) Aleph One (Jul 09)