bug-coreutils

su Password Buffer


From: Zach J. Elko
Subject: su Password Buffer
Date: 23 May 2003 14:54:57 -0400

Hello. I have noticed that su has a 511 byte buffer for the password,
and anything past that 511 byte buffer gets passed on to the shell for
execution. Granted, it executes that command as the user who ran su, but I
think it would be better to just display an error message and then take
the excess bytes and throw them into /dev/null. I don't see what purpose
it serves to have those bytes passed on to the shell, just an unnecessary
evil. I will demonstrate below.
--------------------------------------------------------------
address@hidden sutest]$ su
Password:
su: incorrect password
address@hidden sutest]$ ls
somefile.txt
address@hidden sutest]$
--------------------------------------------------------------
I typed su, then hit return. For the password, I entered 511 pound
signs, followed by the ls command, with no space between that and the
pound signs. Any feedback or explanation would be appreciated. Thanks.
-- 
Zach J. Elko
Sentinel Systems Incorporated
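
The behaviour requested in the message above (reject an overlong password and discard the excess instead of leaving it for the shell), sketched as an added example that is not part of the original post and is not su's code. The helper names `read_secret` and `leftover_is_clean`, the 512-byte capacity and the pipe standing in for the terminal are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not su's code): read one line from fd into buf.
 * At most cap-1 bytes are stored; the rest of the line is still consumed
 * and discarded, so it cannot reach whatever reads fd next.
 * Returns the stored length, or -1 on read error or overlong line
 * (buf is wiped in both failure cases). */
ssize_t read_secret(int fd, char *buf, size_t cap)
{
    size_t n = 0;
    int overflow = 0;
    char c;

    if (cap == 0) return -1;
    for (;;) {
        ssize_t r = read(fd, &c, 1);
        if (r < 0 && errno == EINTR) continue;
        if (r < 0) { memset(buf, 0, cap); return -1; }
        if (r == 0 || c == '\n') break;       /* EOF or end of line */
        if (n < cap - 1) buf[n++] = c;
        else overflow = 1;                     /* keep draining, store nothing */
    }
    buf[n] = '\0';
    if (overflow) { memset(buf, 0, cap); return -1; }
    return (ssize_t)n;
}

/* Constructed input: pwlen '#' bytes + "ls\n" + "next\n", written to a pipe
 * that stands in for the terminal. Returns 1 if the line read after the
 * password is "next", i.e. no "ls" was left behind; -1 on setup failure. */
int leftover_is_clean(size_t pwlen, ssize_t *result)
{
    int p[2]; char pw[512], in[2048], nxt[16];
    if (pwlen > sizeof in - 16 || pipe(p) != 0) return -1;
    memset(in, '#', pwlen);
    memcpy(in + pwlen, "ls\nnext\n", 8);
    if (write(p[1], in, pwlen + 8) != (ssize_t)(pwlen + 8)) return -1;
    close(p[1]);
    *result = read_secret(p[0], pw, sizeof pw);
    ssize_t m = read_secret(p[0], nxt, sizeof nxt);
    close(p[0]);
    return m == 4 && strcmp(nxt, "next") == 0;
}
```

With 511 pound signs followed by `ls`, `read_secret` returns -1 and the next read sees only the following line, so the caller can print an error without any of the overflow reaching the shell.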



