[Pkg-shadow-devel] login assertion on invalid input

christian.casteyde at free.fr christian.casteyde at free.fr
Thu Jul 14 15:14:20 UTC 2011


        Under high load I managed to type too quickly and entered an invalid
input at login prompt on my system. That was a command with a pipe, which
triggers an assertion in login, causing it to crash:

login: dmesg | less
login: loginprompt.c:164: loginprompt: Assertion `wlen == (int) len -1' failed

        This may be interesting to check, just to see if this kind of input
cannot be used to get unauthorized access.

        My kernel uses UTF-8. My system is Slackware64 13.37, which uses util-
linux 2.19.

C. Casteyde

More information about the Pkg-shadow-devel mailing list