Date: Wed, 9 May 2001 16:46:22 +0300 From: Peter Pentchev <roam@orbitel.bg> To: Kris Kennaway <kris@obsecurity.org> Cc: Maxime Henrion <mux@qualys.com>, audit@FreeBSD.ORG, freebsd-i18n@FreeBSD.org Subject: Re: chpass patch to disallow non-printable characters in the passwd file Message-ID: <20010509164622.C645@ringworld.oblivion.bg> In-Reply-To: <20010509041914.A36212@xor.obsecurity.org>; from kris@obsecurity.org on Wed, May 09, 2001 at 04:19:14AM -0700 References: <20010509131550.A984@nebula.cybercable.fr> <20010509041914.A36212@xor.obsecurity.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, May 09, 2001 at 04:19:14AM -0700, Kris Kennaway wrote: > On Wed, May 09, 2001 at 01:15:50PM +0200, Maxime Henrion wrote: > > Hi, > > > > Here is another patch from OpenBSD taken from Kris mailbox. It prevents > > users from putting non-printable characters in the passwd file. > > I'm not sure whether isprint() is the canonical way to check this in > the face of different locales. Can someone confirm the correct way to > do this? isprint() does honor locales, if setlocale() is called in advance. So this fix is proper, but not enough - there must be a call to setlocale(LC_ALL, ""), and a good place for it would be the start of main, even before the getopt() call, as done by a lot of other base system tools. G'luck, Peter -- If I were you, who would be reading this sentence? To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010509164622.C645>