Hi all!
We have several vt-100 terminal that log to the naub server at our office.
Still, some users without account in the main server would like to login to
another machine, so I was planning on creating a passwordless acount with a
shell that's a program that asks for usernames and then execs ssh -l
username. I didn't want to do a script to avouid ppl hitting ctrl+c and
having a passwordless account. I'm also worried about buffer-overflows and a
miriad things I'm too newbie to understand, so I'd appreciate any comments
on the security flaws you see on this:
#include <stdio.h>
main(){
int i=0;
char name[10];
write(1,"Login as: ",10);
while(i<10)
{
read(0,&name[i],1);
if (name[i]=='\n') {name[i]='\0';i=100;}
i++;
}
execlp("/usr/bin/ssh","ssh","foo.foo.es","-l",name,(char *)0);
}
Any advice welcome! :)
Miquel MartínAttachment:
pgptTFqyMdhSn.pgp
Description: PGP signature