In OpenBSD, we constrain the password line to be 1023 characters long (_including_ expansion in the gecos field of all cases of '&' -> username). Perhaps this strict constraint isn't the perfect solution to the problem, but it sure has stopped a few root holes. One day we'll rewrite it better: allow longer lengths, but check in lots of places. (However a current benefit of this scheme is that the 1023 character constraint also helps for the YP server case). This solution saved us from the sendmail overflow in buildfname().
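An added example, not part of the original post and not OpenBSD's code: a C check that computes a passwd line's length after every '&' in the gecos field is replaced by the username, and rejects anything over 1023 characters. The function name `pw_line_check` and the 7-field passwd(5) layout (gecos as the fifth field) are assumptions.

```c
#include <stddef.h>
#include <string.h>

#define PW_LINE_MAX 1023   /* limit stated in the post */
#define GECOS_FIELD 4      /* assumption: 7-field passwd(5) layout, 0-based */

/*
 * Returns 0 and stores the post-expansion length in *out when the line
 * is acceptable; returns -1 when it is malformed or too long.
 */
int pw_line_check(const char *line, size_t *out)
{
    size_t raw = strlen(line);
    const char *name_end, *p = line;
    size_t name_len, amps = 0, total;
    int field = 0;

    /* Reject early: this bounds every later count, so the arithmetic
     * below cannot overflow. */
    if (raw > PW_LINE_MAX)
        return -1;

    name_end = strchr(line, ':');
    if (name_end == NULL || name_end == line)
        return -1;              /* no fields, or empty username */
    name_len = (size_t)(name_end - line);

    /* Walk to the gecos field and count '&' inside it only. */
    for (; *p != '\0'; p++) {
        if (*p == ':') {
            if (++field > GECOS_FIELD)
                break;
        } else if (field == GECOS_FIELD && *p == '&') {
            amps++;
        }
    }
    if (field < GECOS_FIELD)
        return -1;              /* line ends before the gecos field */

    /* Each '&' (1 byte) becomes the username (name_len bytes). */
    total = raw + amps * name_len - amps;
    if (total > PW_LINE_MAX)
        return -1;
    *out = total;
    return 0;
}
```

Any consumer that later expands '&' into a fixed buffer can then size that buffer from the same limit, because the check is applied to the expanded length rather than the stored one.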