Date: Thu, 3 Jan 2002 13:20:01 -0800 (PST) From: Gerhard Sittig <Gerhard.Sittig@gmx.net> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/22860: [PATCH] adduser & friends with '$' in usernames Message-ID: <200201032120.g03LK1T66099@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/22860; it has been noted by GNATS. From: Gerhard Sittig <Gerhard.Sittig@gmx.net> To: bug-followup@freebsd.org Cc: yar@freebsd.org Subject: Re: bin/22860: [PATCH] adduser & friends with '$' in usernames Date: Thu, 3 Jan 2002 22:07:50 +0100 To create some kind of "link" and to keep some kind of state or progress in the audit trail: I understand this PR is heavily connected to bin/31049 (dots in usernames) and yar@freebsd.org tried to attack the issue in revs 1.51 and 1.52 of src/usr.sbin/adduser/adduser.perl as of 2002-01-02. Doug Barton fixed src/usr.sbin/adduser/rmuser.perl so it has been removing (well, "has been able to remove" might be better wording:) any existing user since rev 1.12 as of 2000-12-17. Yar Tikhi yesterday taught adduser.perl about an option to force the administrator's wish onto the system what the name should look like. I have to state two points here: I'm not completely sure about which characters are allowed in usernames while PR bin/31049 cites POSIX and talks about "characters from the portable filename character set". So I cannot decide if the current implementation (short circuit *any* test except for "there must be a username" and "it must not contain a colon" because of the passwd(5) format) is going too far and would allow invalid usernames. And I feel that the wording of the warn messages is too strong. I would talk about "unexpected" or "not recommended" characters unless I'm sure they really _are_ invalid characters. BTW: Should there be a length check like in pw(8)? src/usr.sbin/pw/* hasn't been touched yet. But I take it from the bin/31049 audit trail that yar is aware of this tool, too, and tries to sync both the Perl and the C version of the user database manipulating frontends -- once it's determined what a username is allowed to look like. virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201032120.g03LK1T66099>