Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Sun CDE 1.0.1: login bug
From: Doug.Hughes () ENG AUBURN EDU (Doug Hughes)
Date: Tue, 29 Jul 1997 08:14:20 -0500


I apologize if my discovery is old news, yet I thought it important
to share and find out if this is being worked on by Sun.

The problem is that CDE (Common Desktop Environment) seems to
accept logins with usernames which have spaces prepended to them.
I am not sure if this is the case with other window managers since
I did not test this with other then CDE.

What you describe doesn't seem to be much different than pre-CDE.
People can login with spaces with xdm on Solaris2 as well, but it's
more of a nuisance here than anything else (because they can't run
mailtool, and filemgr breaks, and other things break.) So far there
have been no associated security risks. The user still has the same
uid.  His account is somewhat broken though, which is inconvenient.
We've had to add an entry to our local FAQ about it.

Doug Hughes                                     Engineering Network Services
System/Net Admin                                Auburn University
                        doug () eng auburn edu

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]