Re: AIX rlogind

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Perry E. Metzger: "Re: Fix for Linux/AIX login hole"
• Previous message: Bonfield James: "Re: AIX rlogind"
• In reply to: der Mouse: "Re: AIX rlogind"
• Next in thread: Graham Toal: "Re: AIX rlogind"

>>> the reason some ports of shadow are `bad' and some aren't is
>>> directly related to how the getopt(3) routine works on that os.  if
>>> it allows "-froot" to mean the same as "-f root", then it's going to
>>> be ``buggy''.
>> i would have sworn that POSIX defines that as correct behaviour for
>> getopt().
>
>Then either (a) login shouldn't use getopt(), (b) all programs that
>call login should check what they pass for sanity (effectively,
>reimplement login's argument parsing themselves), or (c) an option
>should be defined for login that says "the next argument is a username
>regardless of what it looks like".

The problem is not so much using getopt.  It's using f: for an
option that doesn't expect an argument.  The AIX and shadow 3.x
login program used getopt(, "f:h:") instead of getopt(, "fh:)".

Instead of the normal login usage of:

	login [-r host] [ -h host ] [-p] [-f] [username]

they implemented

	login [-r host] [ -h host ] [-p] [-f username] [username]

>Personally, I prefer option (c), though if I were to write a login, it
>would also take tack (a) because I never use getopt.

You can also modify rlogind and telnetd to pass the end of options
string "--" before the username, though this requires a login that
uses getopt.

Casper

• Next message: Perry E. Metzger: "Re: Fix for Linux/AIX login hole"
• Previous message: Bonfield James: "Re: AIX rlogind"
• In reply to: der Mouse: "Re: AIX rlogind"
• Next in thread: Graham Toal: "Re: AIX rlogind"