[website-discuss] Re: why the 8-character username limit?
Richard L. Hamilton
rlhamil at smart.net
Wed Feb 28 03:22:34 PST 2007
A big part of the problem is L_cuserid from <stdio.h>, which is a
preprocessor symbol with the value 9 (8 + 1 for NUL byte terminator).
That's been around forever, can't really go away (AFAIK), and once a program
that uses that has been compiled, it can't be changed without recompiling
it. That might not be a problem for Solaris code, which could be changed
to have a higher limit, but there could be all sorts of programs from freeware
to commercial that run on Solaris and will either truncate or overflow a buffer
if a username is longer than 8 bytes.
That is, some program will declare an array
char username[L_cuserid];
to hold an account name, and depending on how careful it is about reading
in the account name, it will either have to truncate it (which probably won't
give the results you want if the name is longer) or it will overrun the array
and probably add a bunch of garbage on the end (which also won't work),
and quite possibly core dump as well.
So even if it could be guaranteed that everything that comes with Solaris
could handle longer names, with the need for backwards compatibility for
existing applications, it might not be possible to guarantee that _they_ could
handle longer names properly.
This message posted from opensolaris.org
More information about the website-discuss
mailing list