Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 31 May 2015 11:26:28 +0300
From: Solar Designer <solar@...nwall.com>
To: john-dev@...ts.openwall.com
Subject: Re: Session names somename.[0-9]+ shouldn't be allowed

On Thu, May 07, 2015 at 08:39:02PM +0300, Alexander Cherepanov wrote:
> On 2015-05-06 18:58, Solar Designer wrote:
> >On Wed, May 06, 2015 at 12:38:21AM +0200, Frank Dittrich wrote:
> >>IMHO, restricting the use of session names somename.[0-9]+ that might
> >>would be the best way to avoid trouble with --fork.
> >
> >OK, done:
> >
> >"Disallow session names with dots since these clash with those produced by
> >--fork.  Suggested by Frank Dittrich."
> 
> Ugh, isn't it an overkill?
[...]
> IMHO it's better to leave everything as it was before than trying to fix 
> a quite exotic problem breaking several useful and convenient (even if 
> unintended) features.

"Relaxed the recently added invalid session name check to only disallow
all-digit suffixes, since these are the ones that may clash with --fork'ed
child session names"

http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/john/john/src/options.c.diff?r1=1.40;r2=1.41

The revised check is thus:

http://cvsweb.openwall.com/cgi/cvsweb.cgi/Owl/packages/john/john/src/options.c.diff?r1=1.39;r2=1.41

Alexander

Powered by blists - more mailing lists

Your e-mail address:

Powered by Openwall GNU/*/Linux - Powered by OpenVZ