[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re[2]: 'password' command in GRUB 2?
From: |
Robert Millan |
Subject: |
Re: Re[2]: 'password' command in GRUB 2? |
Date: |
Sun, 23 Aug 2009 12:14:46 +0200 |
User-agent: |
Mutt/1.5.18 (2008-05-17) |
On Fri, Aug 21, 2009 at 01:30:14PM +0200, Vladimir 'phcoder' Serbinenko wrote:
> >
> >> +grub_err_t
> >> +grub_auth_check_authentication (const char *userlist)
> >> +{
> >> + char login[1024] = {0};
> >
> > Please avoid arbitrary limits. If the grub_cmdline_get() API is enforcing
> > them, then this function is wrong and should be using malloc() instead
> > (like,
> > say, getline() or asprintf() do).
> >
>
> If user has a username longer than 1K it can mean only that he is
> trying to execute buffer overflow.
Maybe. Or maybe it's just 8 bytes and we're claiming 1K of stack
unnecessarily.
In any case, GCS mandates that we avoid arbitrary length limits:
http://www.gnu.org/prep/standards/standards.html#Semantics
--
Robert Millan
The DRM opt-in fallacy: "Your data belongs to us. We will decide when (and
how) you may access your data; but nobody's threatening your freedom: we
still allow you to remove your data and not access it at all."
- Re: Re[2]: 'password' command in GRUB 2?, Robert Millan, 2009/08/19
- Re: Re[2]: 'password' command in GRUB 2?, Robert Millan, 2009/08/20
- Re: Re[2]: 'password' command in GRUB 2?, Vladimir 'phcoder' Serbinenko, 2009/08/21
- Re: Re[2]: 'password' command in GRUB 2?, Vladimir 'phcoder' Serbinenko, 2009/08/22
- Re: Re[2]: 'password' command in GRUB 2?,
Robert Millan <=
- Re: Re[2]: 'password' command in GRUB 2?, Robert Millan, 2009/08/24
- Re: Re[2]: 'password' command in GRUB 2?, Vladimir 'phcoder' Serbinenko, 2009/08/24
- Re: Re[2]: 'password' command in GRUB 2?, Felix Zielcke, 2009/08/25
- Re: Re[2]: 'password' command in GRUB 2?, Vladimir 'phcoder' Serbinenko, 2009/08/25
- Re: Re[2]: 'password' command in GRUB 2?, Michal Suchanek, 2009/08/25
- Re: Re[2]: 'password' command in GRUB 2?, Vladimir 'phcoder' Serbinenko, 2009/08/25
- Re: Re[2]: 'password' command in GRUB 2?, Michal Suchanek, 2009/08/26
- Re: Re[2]: 'password' command in GRUB 2?, Vladimir 'phcoder' Serbinenko, 2009/08/26
- Re: Re[2]: 'password' command in GRUB 2?, Robert Millan, 2009/08/28