Username and Groupname Sizes on HP-UX
• System-wide configuration (lugadmin)
• User level configuration(environment variable)
6.3 Buffer Overflow tests
Ensure that there are test cases that validate buffer overflow conditions. This ensures that there are no
security vulnerabilities, especially in setuid programs.
7.0 Summary
HP has provided expanded user and group names in response to the needs expressed by customers.
This feature increases the maximum user and group name lengths from eight and 16 bytes
(respectively) to 255. The system commands and utilities are enhanced to handle long user/group
names. However, longer names must be used with caution. Recompiling the programs alone does not
make the program expanded user/group name clean .No FLV mechanism exists because it is not
required for any of the APIs that return username/groupname. The APIs are scalable to handle the
expanded username/groupname. The programs that are not enhanced to accommodate the
expanded name interfaces truncate them. This can cause programs to exhibit ambiguous output or
incorrect behavior (including unexpected and undetermined aborts). The default system and product
configuration settings limit names to the original, compatible, maximums in order to avoid these
problems. The system administrator must explicitly enable the expanded name capability through a
command.
This paper has described how to enable the capability, limitations of specific HP products, how
software developers can determine whether their products have dependencies on user and group
name sizes and how to enhance the programs to accommodate long names, and how to test them.
Glossary of Terms
Application Programming Interface (API)
An application interface is a data structure definition or type, a program function or procedure, a
data variable, or a constant (symbolic or literal) which is exported by a component (for example, a
library) for use by application code. Interfaces appear in header files and are (usually) documented in
the API specification (for example, the man pages).
Byte
A byte is an eight-bit quantity. In the ASCII character set, each character can be represented in a
single byte. While HP-UX currently supports only ASCII characters for user and group names
the word byte (rather than character) is used in reference to those values.
Long User/ Group Name
This refers to user or group names that are longer (i.e., have a greater string length) than the
default maximums of eight or 16 bytes, respectively.
LOGIN_NAME_MAX
A symbolic constant parameter that defines the maximum length of user name strings. Its value is 64
bytes. This should no longer be used. This symbolic constant will be obsoleted in future releases.
_POSIX_LOGIN_NAME_MAX
This is a symbolic name for the most restrictive (minimum value) value a conforming
implementation should support, which is specified to be nine bytes.
Manufacturing Part Number : 5992-4118
© 2007 Hewlett
-
Packard Development Company, L.P. The information contained
herein is subject to change without notice. The only warranties for HP products and
services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an
additional warranty. HP shall not be liable for technical or editorial errors or
omissions contained herein.
Itanium is a trademark or registered trademark of Intel Corporation or its
subsidiaries in the United States and other countries.
4AA0-XXXXENW, May 2007
© 2007 Hewlett
-
Packard Development Company, L.P. The information contained
herein is subject to change without notice. The only warranties for HP products and
services are set forth in the express warranty statements accompanying such
products and services. Nothing herein should be construed as constituting an
additional warranty. HP shall not be liable for technical or editorial errors or
omissions contained herein.
Itanium is a trademark or registered trademark of Intel Corporation or its
subsidiaries in the United States and other countries.
4AA0-XXXXENW, May 2007