Date: Fri, 05 Jan 2018 22:41:40 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 224556] pw(8) does not check semantics of name Message-ID: <bug-224556-8-Qtm3Cx65qE@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-224556-8@https.bugs.freebsd.org/bugzilla/> References: <bug-224556-8@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D224556 --- Comment #2 from Bernard Steiner <bernard.steiner@de.lahmeyer.com> --- (In reply to Brooks Davis from comment #1) Yes, no checking for dots. Using solely this list of forbidden characters, one can still construct the user names "." and ".." and "pw useradd .." does The Evil Thing. (I Did This, but then refrained from using pw userdel for the obvious reaso= n.) I would argue that passing garbage for "-d dir" is different in that the checking of the garbage is up to the invoker of the command. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-224556-8-Qtm3Cx65qE>