- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: C API for removing a user
Operating System - HP-UX
1753505
Members
5195
Online
108794
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-28-2002 12:58 PM
тАО02-28-2002 12:58 PM
4 REPLIES 4
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-28-2002 01:16 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО02-28-2002 02:21 PM
тАО02-28-2002 02:21 PM
Re: C API for removing a user
I would put an absolute path on that userdel for security purposes.
You might want to consider protecting that from buffer overflows too.
You might want to consider protecting that from buffer overflows too.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-01-2002 07:45 AM
тАО03-01-2002 07:45 AM
Re: C API for removing a user
Thanks, guys.
>>You might want to consider protecting that >>from buffer overflows too.
Eric, could you give me more detail on this?
>>You might want to consider protecting that >>from buffer overflows too.
Eric, could you give me more detail on this?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО03-01-2002 08:03 AM
тАО03-01-2002 08:03 AM
Re: C API for removing a user
Hi:
All is is saying is that my baby example was not very robust.
char *the_user;
int status;
char s_cmd[256];
(void) sprintf(s_cmd,"userdel -r s",the_user);
cc = system(userdel);
The problem is that is is conceivable (though very unlikely) that the length of the command might exceed the size of s_cmd [256] characters - a buffer overflow.
# ----------------------------------------
The nit-picky though really not need method:
#define CMD "/sbin/userdel -r "
extern int errno;
int remove_user(char *the_user)
{
int cc = 0;
if (the_user != NULL)
{
int len = 4; /* cushion */
char *s_cmd = NULL;
len += (int) strlen(the_user);
len += (int) strlen(CMD);
s_cmd = (char *) malloc(size_t) len);
if (s_cmd != NULL)
{
(void) sprintf(s_cmd,
"%s %s",CMD,the_user);
cc = system(s_cmd);
free ((void *) s_cmd));
}
else cc = (errno != 0) ? errno : -2;
}
else cc = -1;
return(cc);
} /* remove_user */
-----------------------------------------
cc = remove_user("clay");
Barring any typo's that should be a fully robust version. In real life, as long as you make sure that the length of the user name is no more than ~220 the baby example will be perfectly robust.
Regards, Clay
All is is saying is that my baby example was not very robust.
char *the_user;
int status;
char s_cmd[256];
(void) sprintf(s_cmd,"userdel -r s",the_user);
cc = system(userdel);
The problem is that is is conceivable (though very unlikely) that the length of the command might exceed the size of s_cmd [256] characters - a buffer overflow.
# ----------------------------------------
The nit-picky though really not need method:
#define CMD "/sbin/userdel -r "
extern int errno;
int remove_user(char *the_user)
{
int cc = 0;
if (the_user != NULL)
{
int len = 4; /* cushion */
char *s_cmd = NULL;
len += (int) strlen(the_user);
len += (int) strlen(CMD);
s_cmd = (char *) malloc(size_t) len);
if (s_cmd != NULL)
{
(void) sprintf(s_cmd,
"%s %s",CMD,the_user);
cc = system(s_cmd);
free ((void *) s_cmd));
}
else cc = (errno != 0) ? errno : -2;
}
else cc = -1;
return(cc);
} /* remove_user */
-----------------------------------------
cc = remove_user("clay");
Barring any typo's that should be a fully robust version. In real life, as long as you make sure that the length of the user name is no more than ~220 the baby example will be perfectly robust.
Regards, Clay
If it ain't broke, I can fix that.
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP