From owner-freebsd-audit Wed May 9 6:47: 0 2001 Delivered-To: freebsd-audit@freebsd.org Received: from ringworld.nanolink.com (ringworld.nanolink.com [195.24.48.13]) by hub.freebsd.org (Postfix) with SMTP id 9A66837B42C for ; Wed, 9 May 2001 06:46:54 -0700 (PDT) (envelope-from roam@orbitel.bg) Received: (qmail 1059 invoked by uid 1000); 9 May 2001 13:46:22 -0000 Date: Wed, 9 May 2001 16:46:22 +0300 From: Peter Pentchev To: Kris Kennaway Cc: Maxime Henrion , audit@FreeBSD.ORG, freebsd-i18n@FreeBSD.org Subject: Re: chpass patch to disallow non-printable characters in the passwd file Message-ID: <20010509164622.C645@ringworld.oblivion.bg> Mail-Followup-To: Kris Kennaway , Maxime Henrion , audit@FreeBSD.ORG, freebsd-i18n@FreeBSD.org References: <20010509131550.A984@nebula.cybercable.fr> <20010509041914.A36212@xor.obsecurity.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: <20010509041914.A36212@xor.obsecurity.org>; from kris@obsecurity.org on Wed, May 09, 2001 at 04:19:14AM -0700 Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, May 09, 2001 at 04:19:14AM -0700, Kris Kennaway wrote: > On Wed, May 09, 2001 at 01:15:50PM +0200, Maxime Henrion wrote: > > Hi, > > > > Here is another patch from OpenBSD taken from Kris mailbox. It prevents > > users from putting non-printable characters in the passwd file. > > I'm not sure whether isprint() is the canonical way to check this in > the face of different locales. Can someone confirm the correct way to > do this? isprint() does honor locales, if setlocale() is called in advance. So this fix is proper, but not enough - there must be a call to setlocale(LC_ALL, ""), and a good place for it would be the start of main, even before the getopt() call, as done by a lot of other base system tools. G'luck, Peter -- If I were you, who would be reading this sentence? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message