From owner-freebsd-bugs Thu Jan 3 13:20: 7 2002 Delivered-To: freebsd-bugs@hub.freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 9922537B416 for ; Thu, 3 Jan 2002 13:20:02 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.6/8.11.6) id g03LK1T66099; Thu, 3 Jan 2002 13:20:01 -0800 (PST) (envelope-from gnats) Date: Thu, 3 Jan 2002 13:20:01 -0800 (PST) Message-Id: <200201032120.g03LK1T66099@freefall.freebsd.org> To: freebsd-bugs@FreeBSD.org Cc: From: Gerhard Sittig Subject: Re: bin/22860: [PATCH] adduser & friends with '$' in usernames Reply-To: Gerhard Sittig Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org The following reply was made to PR bin/22860; it has been noted by GNATS. From: Gerhard Sittig To: bug-followup@freebsd.org Cc: yar@freebsd.org Subject: Re: bin/22860: [PATCH] adduser & friends with '$' in usernames Date: Thu, 3 Jan 2002 22:07:50 +0100 To create some kind of "link" and to keep some kind of state or progress in the audit trail: I understand this PR is heavily connected to bin/31049 (dots in usernames) and yar@freebsd.org tried to attack the issue in revs 1.51 and 1.52 of src/usr.sbin/adduser/adduser.perl as of 2002-01-02. Doug Barton fixed src/usr.sbin/adduser/rmuser.perl so it has been removing (well, "has been able to remove" might be better wording:) any existing user since rev 1.12 as of 2000-12-17. Yar Tikhi yesterday taught adduser.perl about an option to force the administrator's wish onto the system what the name should look like. I have to state two points here: I'm not completely sure about which characters are allowed in usernames while PR bin/31049 cites POSIX and talks about "characters from the portable filename character set". So I cannot decide if the current implementation (short circuit *any* test except for "there must be a username" and "it must not contain a colon" because of the passwd(5) format) is going too far and would allow invalid usernames. And I feel that the wording of the warn messages is too strong. I would talk about "unexpected" or "not recommended" characters unless I'm sure they really _are_ invalid characters. BTW: Should there be a length check like in pw(8)? src/usr.sbin/pw/* hasn't been touched yet. But I take it from the bin/31049 audit trail that yar is aware of this tool, too, and tries to sync both the Perl and the C version of the user database manipulating frontends -- once it's determined what a username is allowed to look like. virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message