Date: Sat, 23 Dec 2017 22:21:03 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 224556] pw(8) does not check semantics of name Message-ID: <bug-224556-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D224556 Bug ID: 224556 Summary: pw(8) does not check semantics of name Product: Base System Version: 11.1-STABLE Hardware: Any OS: Any Status: New Severity: Affects Many People Priority: --- Component: bin Assignee: freebsd-bugs@FreeBSD.org Reporter: bernard.steiner@de.lahmeyer.com DO NOT TRY THIS ON ANY COMPUTER. DO NOT TRY THIS AT WORK, NOR AT HOME. Just noticed the existence of pw(8). The man page led me to believe it might be "compatible" to the user managem= ent program which was present in DYNIX/ptx, circa 1990 (and nuked at least four systems back then). I herewith confirm the useradd part at least is "compatible" to this quarter-century-old bug. I believe a pw userdel with user names constructed from unchecked pathnames= of such compounds will be somewhat detrimental to the system in question when doing the equivalent of rm -rf to the home dir. Would someone with access to the source *please* urgently add checking to t= he "name" argument to deny dot, possibly dotdot, and probably also slash. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-224556-8>