Bug 436748 - rexec username limit is 16 characters, not 14
rexec username limit is 16 characters, not 14
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: rsh (Show other bugs)
5.1
All Linux
low Severity low
: rc
: ---
Assigned To: Adam Tkac
Ben Levenson
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-03-10 04:19 EDT by Andrew Ryan
Modified: 2013-04-30 19:38 EDT (History)
5 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-04-15 05:57:28 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to correct the problem (546 bytes, patch)
2008-03-10 04:19 EDT, David Robinson
no flags Details | Diff
improved patch (663 bytes, patch)
2008-03-27 11:55 EDT, Adam Tkac
no flags Details | Diff

  None (edit)
Description David Robinson 2008-03-10 04:19:02 EDT
Description of problem:
rexec username limit is 14 characters, not 16 as stated in rexecd(8). If a
username is longer than 14 characters then the user will not be able to login
via rexec.

Version-Release number of selected component (if applicable):
rsh-server-0.17-38.el5

How reproducible:
100%

Steps to Reproduce:
1. useradd testtesttest1234
2. passwd testtesttest1234 # test
3. chkconfig rexec on
4. chkconfig xinetd on
5. service xinetd start
6. rexec -l testtesttest1234 -p test localhost date
  
Actual results:

$ rexec -l testtesttest12 -p test localhost date
Mon Mar 10 17:08:07 EST 2008
$ rexec -l testtesttest123 -p test localhost date
username too long
rexec: Error in rexec system call,
rexec: (The following system error may itself be in error)
rexec: No such file or directory
$ rexec -l testtesttest1234 -p test localhost date
username too long
rexec: Error in rexec system call,
rexec: (The following system error may itself be in error)
rexec: No such file or directory

Expected results:

$ rexec -l testtesttest12 -p test localhost date
Mon Mar 10 17:09:43 EST 2008
$ rexec -l testtesttest123 -p test localhost date
Mon Mar 10 17:09:46 EST 2008
$ rexec -l testtesttest1234 -p test localhost date
Mon Mar 10 17:09:55 EST 2008
$ rexec -l testtesttest12345 -p test localhost date
username too long
rexec: Error in rexec system call,
rexec: (The following system error may itself be in error)
rexec: No such file or directory

Additional info:
Patch to correct the problem is attached. It increases the size limit to 32
characters, which is the limit in rlogind.
Comment 1 David Robinson 2008-03-10 04:19:03 EDT
Created attachment 297409 [details]
patch to correct the problem
Comment 2 Adam Tkac 2008-03-27 11:55:00 EDT
Created attachment 299349 [details]
improved patch

Previous patch wasn't so good. Change in getstr causes one byte buffer
overflow. Also extending name length is not good idea because manual page says
maximum length is 16 chars so it should be leaved as is. Attached patch seems
like optimal solution for me
Comment 4 RHEL Product and Program Management 2008-07-21 19:05:18 EDT
This request was evaluated by Red Hat Product Management for
inclusion, but this component is not scheduled to be updated in
the current Red Hat Enterprise Linux release. If you would like
this request to be reviewed for the next minor release, ask your
support representative to set the next rhel-x.y flag to "?".
Comment 10 errata-xmlrpc 2009-04-15 05:57:28 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-0423.html

Note You need to log in before you can comment on or make changes to this bug.