>Number:         159721
>Category:       misc
>Synopsis:       Usernames that are too long get logged onto GUI console as root
>Confidential:   no
>Severity:       critical
>Priority:       high
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Aug 12 17:00:22 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Robert Auch
>Release:        8.1
>Organization:
BeyondTrust Software
>Environment:
>Description:
A user with a logon name longer than 8 characters gets logged into FreeBSD as 
"root" after successful authentication as themselves, when logging in through 
GDM.

This problem cannot be replicated in GDM on Linux, and appears to be related to 
the 8 character username limit in FreeBSD.

[root@freebsd81-64 /usr/home/LAMPI/localuser10]# su LAMPI\\localuser10
su: username too long

Any users coming from BeyondTrust PBIS or Likewise Open or NIS or LDAP who have 
usernames longer than 8 characters get blocked logging in via ssh or su, but 
when authenticating via GDM, they are dropped into the OS as "root" with 
$EUID=0 and $UID=0.

[root@freebsd81-64 /usr/home/LAMPI/localuser10]# id lampi\\localuser10
uid=239600760(LAMPI\localuser10) gid=239600129(LAMPI\domain^users)
groups=239600129(LAMPI\domain^users),1545(BUILTIN\Users)
>How-To-Repeat:
Create a user in a shared authentication engine with length($user) > 8.  Make
sure that the user shows up in NSS via "id". Then log in via GDM as the user.
Open a terminal and type "id" to see that the user is now "root".
>Fix:


>Release-Note:
>Audit-Trail:
>Unformatted: