edit others user crontab, security bug

fwaggle fwagglechop at gmail.com
Thu Sep 1 13:20:29 UTC 2016

> root# pw useradd -n www.promspecbud.com  -g nobody -s /bin/sh -d /tmp
> root# pw useradd -n www.promspecbud.com.other -g nobody -s /bin/sh -d /tmp

I'm really sleepy so this might be wrong or outdated, but
aren't/weren't FreeBSD usernames limited to 16 characters? Seems to me
this probably relates to both the users being evaluated to the
username "www.promspecbud." or whatever.

James "fwaggle" Fraser

More information about the freebsd-security mailing list