Date: Thu, 3 Jan 2002 13:20:01 -0800 (PST) From: Gerhard Sittig <Gerhard.Sittig@gmx.net> To: freebsd-bugs@FreeBSD.org Subject: Re: bin/22860: [PATCH] adduser & friends with '$' in usernames Message-ID: <200201032120.g03LK1T66099@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
The following reply was made to PR bin/22860; it has been noted by GNATS.
From: Gerhard Sittig <Gerhard.Sittig@gmx.net>
To: bug-followup@freebsd.org
Cc: yar@freebsd.org
Subject: Re: bin/22860: [PATCH] adduser & friends with '$' in usernames
Date: Thu, 3 Jan 2002 22:07:50 +0100
To create some kind of "link" and to keep some kind of state or
progress in the audit trail: I understand this PR is heavily
connected to bin/31049 (dots in usernames) and yar@freebsd.org
tried to attack the issue in revs 1.51 and 1.52 of
src/usr.sbin/adduser/adduser.perl as of 2002-01-02.
Doug Barton fixed src/usr.sbin/adduser/rmuser.perl so it has
been removing (well, "has been able to remove" might be better
wording:) any existing user since rev 1.12 as of 2000-12-17.
Yar Tikhi yesterday taught adduser.perl about an option to force
the administrator's wish onto the system what the name should
look like. I have to state two points here: I'm not completely
sure about which characters are allowed in usernames while PR
bin/31049 cites POSIX and talks about "characters from the
portable filename character set". So I cannot decide if the
current implementation (short circuit *any* test except for
"there must be a username" and "it must not contain a colon"
because of the passwd(5) format) is going too far and would
allow invalid usernames. And I feel that the wording of the
warn messages is too strong. I would talk about "unexpected"
or "not recommended" characters unless I'm sure they really
_are_ invalid characters. BTW: Should there be a length check
like in pw(8)?
src/usr.sbin/pw/* hasn't been touched yet. But I take it from
the bin/31049 audit trail that yar is aware of this tool, too,
and tries to sync both the Perl and the C version of the user
database manipulating frontends -- once it's determined what a
username is allowed to look like.
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200201032120.g03LK1T66099>