Brian Gupta wrote:
> Darren,
> 
> In the Security Doc:
> http://opensolaris.org/os/community/security/library/long_usernames/
> it states that help auditing the codebase is needed.
> 
> I am willing to do this, if I could be given read only access to the
> filesystem that holds the source tree. (Or a copy).

It is OpenSolaris after all; you already have that access!

$ hg clone ssh://anon@hg.opensolaris.org/hg/onnv/onnv-gate/

That gets you the ON consolidation which is where most (but not all) of 
the problems are.  There could be issues in the other consolidations, 
maybe in GNOME.  If there are any issues in CDE (quite possibly) then we 
probably can't get you access to that source since it isn't open.

> I am not a
> programmer so I am not up on all the different source management
> tools. I am however a decent shell scripter and have been administering
> Solaris long enough to figure my way through C code.
> 
> I could complete the audit very quickly once I figured out what I was
> looking for, and how you wanted the data presented. (I figure a week
> tops)

Good luck, it is much harder than you might think.

A few hints.

Look for all calls to getpw*(), getlogin(3C), any use of environment 
variables that contain USERNAME or LOGNAME.  Any places where PAM_USER 
is set or copied.  Look also for places where utmpx and wtmpx are updated.

Personally I think a week is optimistic but you might well have a better 
attention span for this kind of thing than I have :-)



-- 
Darren J Moffat
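
A first pass over a checked-out tree for the call sites listed in the hints above, as an added example that is not part of the original mail and is not OpenSolaris code. The function names, the choice of `pututxline`, `updwtmpx` and `ut_user` as markers for utmpx and wtmpx updates, and the sample C fragments are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: locate the call sites listed in the hints (not OpenSolaris code).

# scan <category> <extended-regex> <dir>: print "category<TAB>file:line:text"
scan() {
    find "$3" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec grep -nE -- "$2" /dev/null {} + |
        awk -v c="$1" '{ print c "\t" $0 }'
}

# audit_usernames <dir>: one record per source line that handles a user name
audit_usernames() {
    b='(^|[^A-Za-z0-9_])'    # left word boundary written as portable ERE
    scan getpw    "${b}getpw(nam|uid|ent)(_r)?[[:space:]]*\\(" "$1"
    scan getlogin "${b}getlogin(_r)?[[:space:]]*\\(" "$1"
    scan env      '"[^"]*(USERNAME|LOGNAME)' "$1"
    scan pam_user "${b}PAM_USER" "$1"
    # Assumption: "updated" means pututxline/updwtmpx calls or ut_user writes
    scan utmpx    "${b}(pututxline|updwtmpx)[[:space:]]*\\(|ut_user" "$1"
}

# audit_summary <dir>: hits per category, one "category count" pair per line
audit_summary() {
    audit_usernames "$1" | cut -f1 | sort | uniq -c | awk '{ print $2, $1 }'
}

# make_sample <dir>: constructed C fragments, for demonstration only
make_sample() {
    cat > "$1/login.c" <<'EOF'
char name[9];
struct passwd *pw = getpwnam(getenv("LOGNAME"));
strcpy(name, getlogin());
EOF
    cat > "$1/session.c" <<'EOF'
pam_get_item(pamh, PAM_USER, (void **)&user);
strncpy(ut.ut_user, user, sizeof (ut.ut_user));
pututxline(&ut);
my_getpwnam_wrapper(user);
EOF
}

# Stand-alone use: pass the source directory as the first argument
if [ $# -gt 0 ]; then audit_usernames "$1"; fi
```

A hit marks a line to read by hand, since the scan cannot tell whether the buffer receiving the name is large enough.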
