[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Re[2]: 'password' command in GRUB 2?
From: |
Vladimir 'phcoder' Serbinenko |
Subject: |
Re: Re[2]: 'password' command in GRUB 2? |
Date: |
Fri, 21 Aug 2009 13:30:14 +0200 |
>
>> +grub_err_t
>> +grub_auth_check_authentication (const char *userlist)
>> +{
>> + char login[1024] = {0};
>
> Please avoid arbitrary limits. If the grub_cmdline_get() API is enforcing
> them, then this function is wrong and should be using malloc() instead (like,
> say, getline() or asprintf() do).
>
If user has a username longer than 1K it can mean only that he is
trying to execute buffer overflow.
New patch. This time with password command (plaintext).
Beware that I haven't reread patch myself yet and until I do so AND
it's reviewed by other people it can't pretend to be secure.
--
Regards
Vladimir 'phcoder' Serbinenko
Personal git repository: http://repo.or.cz/w/grub2/phcoder.git
auth.diff
Description: Text document
- Re: Re[2]: 'password' command in GRUB 2?, Robert Millan, 2009/08/19
- Re: Re[2]: 'password' command in GRUB 2?, Robert Millan, 2009/08/20
- Re: Re[2]: 'password' command in GRUB 2?,
Vladimir 'phcoder' Serbinenko <=
- Re: Re[2]: 'password' command in GRUB 2?, Vladimir 'phcoder' Serbinenko, 2009/08/22
- Re: Re[2]: 'password' command in GRUB 2?, Robert Millan, 2009/08/23
- Re: Re[2]: 'password' command in GRUB 2?, Robert Millan, 2009/08/24
- Re: Re[2]: 'password' command in GRUB 2?, Vladimir 'phcoder' Serbinenko, 2009/08/24
- Re: Re[2]: 'password' command in GRUB 2?, Felix Zielcke, 2009/08/25
- Re: Re[2]: 'password' command in GRUB 2?, Vladimir 'phcoder' Serbinenko, 2009/08/25
- Re: Re[2]: 'password' command in GRUB 2?, Michal Suchanek, 2009/08/25
- Re: Re[2]: 'password' command in GRUB 2?, Vladimir 'phcoder' Serbinenko, 2009/08/25
- Re: Re[2]: 'password' command in GRUB 2?, Michal Suchanek, 2009/08/26
- Re: Re[2]: 'password' command in GRUB 2?, Vladimir 'phcoder' Serbinenko, 2009/08/26