adduser/passwd: too long username

Laszlo Papp lpapp at kde.org
Mon Aug 18 13:17:55 UTC 2014


On Mon, Aug 18, 2014 at 2:12 PM, Denys Vlasenko <vda.linux at googlemail.com>
wrote:

> On Sun, Aug 17, 2014 at 12:48 PM, Laszlo Papp <lpapp at kde.org> wrote:
> >
> >
> >
> > On Tue, Aug 5, 2014 at 8:34 PM, Laszlo Papp <lpapp at kde.org> wrote:
> >>
> >> On Tue, Aug 5, 2014 at 7:16 PM, Denys Vlasenko <vda.linux at googlemail.com> wrote:
> >>>
> >>> On Mon, Aug 4, 2014 at 7:06 PM, Laszlo Papp <lpapp at kde.org> wrote:
> >>> > sudo busybox adduser
> >>> >
> >>> >
> fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> >>> > passwd: unknown user
> >>> >
> >>> >
> fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> >>> >
> >>> > Yet, the user is created in /etc/shadow:
> >>> >
> >>> >
> >>> >
> fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff:!:16286:0:99999:7:::
> >>> >
> >>> > This is at least one issue, but there is another here:
> >>> >
> >>> > sudo busybox deluser
> >>> >
> >>> >
> fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> >>> > deluser: unknown user
> >>> >
> >>> >
> fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> >>>
> >>> Both issues come from the same location in codebase:
> >>> bb__pgsreader() parser drops lines which are longer than its buffer.
> >>>
> >>> Effectively, bbox ignores offending line in /etc/passwd.
> >>>
> >>> > Could you please look into this and potentially fix it? Thanks in
> >>> > advance.
> >>>
> >>> Anyone willing to rewrite getpwnam API to use variable-sized malloced
> >>> buffer?
> >>
> >>
> >> Is that a junior job?
> >
> >
> > Denys, this fix was sent two weeks ago? Why have you not applied it until
> > there is a better fix (if any)? This is still broken and results in a system
> > with potential stray users around.
>
> I'm having bad feelings about the fix along the lines of
>
> -#define PWD_BUFFER_SIZE 256
> -#define GRP_BUFFER_SIZE 256
> +#define PWD_BUFFER_SIZE 2*LOGIN_NAME_MAX+256
> +#define GRP_BUFFER_SIZE 2*LOGIN_NAME_MAX+256
>
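
Review bot: both `+` lines define the macro as a bare expression, `2*LOGIN_NAME_MAX+256`, so any use inside a larger expression (for example `n * PWD_BUFFER_SIZE` or `sizeof(buf) / GRP_BUFFER_SIZE`) expands with the wrong precedence; parenthesize them as `(2*LOGIN_NAME_MAX + 256)`. The buffer also stays a fixed size, so a line longer than the new limit would still be dropped by the parser described earlier in the thread. A comment saying what the factor of 2 and the extra 256 are meant to cover would make the bound checkable.
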
> I fear that people (situations) strange enough to use names as long as
>
> fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff
> can easily use names thrice as long.
>

I do not follow. It is also completely in line with the desktop practice
that has existed for several decades now...


> From the API perspective, xmalloc_getpwnam(username) would be ideal.
> But it would require significant rework.
>

Exactly my point. I would be unhappy to keep patching my busybox locally
just because stray users can stay around on my system with the latest
busybox. My stance is usually applying changes that fix issues until there
are better approaches. Currently, I am not funded by anyone to work on this
"nice design" full-time and I did provide a quick fix for the issue at
hand.
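
The failure discussed in this thread, a parser that drops lines longer than its buffer so an entry that was written cannot be read back, reproduced as an added example (not part of the original message and not BusyBox's code). `find_user_fixed`, `find_user_dynamic` and `make_sample` are hypothetical names, and the passwd-style file and its 120-character name are constructed sample data.

```c
#define _POSIX_C_SOURCE 200809L   /* for getline() */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define FIXED_BUF 256   /* the value on the '-' lines of the quoted patch */

/* True if the first ':'-separated field of line equals name. */
static int line_matches(const char *line, const char *name) {
    size_t n = strlen(name);
    return strncmp(line, name, n) == 0 && line[n] == ':';
}

/* Fixed-buffer lookup: a line that does not fit the buffer is dropped whole. */
int find_user_fixed(FILE *f, const char *name) {
    char buf[FIXED_BUF];
    rewind(f);
    while (fgets(buf, sizeof(buf), f)) {
        if (strchr(buf, '\n') || feof(f)) {
            if (line_matches(buf, name)) return 1;
        } else   /* overlong: discard the rest, the entry is never seen */
            for (int c; (c = fgetc(f)) != EOF && c != '\n'; ) {}
    }
    return 0;
}

/* Variable-size lookup: getline() grows its buffer to fit any line. */
int find_user_dynamic(FILE *f, const char *name) {
    char *line = NULL;
    size_t cap = 0;
    int found = 0;
    rewind(f);
    while (!found && getline(&line, &cap, f) != -1)
        found = line_matches(line, name);
    free(line);
    return found;
}

/* Constructed sample: root plus one user named with len 'f' characters. */
FILE *make_sample(char *name, size_t len) {
    FILE *f = tmpfile();
    if (!f) return NULL;
    memset(name, 'f', len);
    name[len] = '\0';
    fprintf(f, "root:x:0:0:root:/root:/bin/sh\n");
    fprintf(f, "%s:x:1000:1000:Linux User,,,:/home/%s:/bin/sh\n", name, name);
    return f;
}
int main(void) {
    char name[128];
    FILE *f = make_sample(name, 120);
    if (f) printf("fixed=%d dynamic=%d\n", find_user_fixed(f, name), find_user_dynamic(f, name));
    return f ? fclose(f) : 1;
}
```

The name appears twice in the constructed line (login and home directory), so a 120-character name already pushes the line past 256 bytes.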