Hi all! We have several vt-100 terminal that log to the naub server at our office. Still, some users without account in the main server would like to login to another machine, so I was planning on creating a passwordless acount with a shell that's a program that asks for usernames and then execs ssh -l username. I didn't want to do a script to avouid ppl hitting ctrl+c and having a passwordless account. I'm also worried about buffer-overflows and a miriad things I'm too newbie to understand, so I'd appreciate any comments on the security flaws you see on this:
#include <stdio.h>
main(){
int i=0;
char name[10];
write(1,"Login as: ",10);
while(i<10)
{
read(0,&name[i],1);
if (name[i]=='\n') {name[i]='\0';i=100;}
i++;
}
execlp("/usr/bin/ssh","ssh","foo.foo.es","-l",name,(char *)0);
}
Any advice welcome! :)
Miquel MartÃn
pgp8PL5BnhqrD.pgp
Description: PGP signature
