Jeroen van Wolffelaar
2006-Mar-16 03:33 UTC
Bug#357185: More strict checking for sane username
Package: adduser
Version: 3.85
Severity: wishlist
Tags: patch
adduser''s regex for checking usernames is too lax, it accepts empty
usernames, and usernames starting with a dash, in violation of some IEEE
standard. Please see this patch.
Thanks to Brendan O''Dea for the standards reference.
Thanks,
--Jeroen
--- adduser.orig 2006-03-16 04:05:56.224840752 +0100
+++ adduser 2006-03-16 04:12:30.877625373 +0100
@@ -730,11 +730,12 @@
# check if the given name matches some sanity checks
sub checkname {
my ($name) = @_;
- if ($name !~ /^[-_\.A-Za-z0-9]*\$?$/) {
+ if ($name !~ /^[_.A-Za-z0-9][-_.A-Za-z0-9]*\$?$/) {
print STDERR
("$0: ",gtx("To avoid problems, the username should consist of
-letters, digits, underscores, periods and dashes. For compatibility with
-Samba machine accounts \$ is also supported at the end of the
username\n"));
+letters, digits, underscores, periods and dashes, and not start with a
+dash (as defined by IEEE Std 1003.1-2001). For compatibility with Samba
+machine accounts \$ is also supported at the end of the username\n"));
exit 1;
}
if ($name !~ qr/$config{"name_regex"}/) {
--
Jeroen van Wolffelaar
jeroen@wolffelaar.nl
http://jeroen.A-Eskwadraat.nl
Marc Haber
2006-Mar-16 08:33 UTC
[Adduser-devel] Bug#357185: More strict checking for sane username
tags #357185 patch confirmed pending thanks On Thu, Mar 16, 2006 at 04:18:54AM +0100, Jeroen van Wolffelaar wrote:> adduser''s regex for checking usernames is too lax, it accepts empty > usernames, and usernames starting with a dash, in violation of some IEEE > standard. Please see this patch.Applied to svn, thanks. Greetings Marc -- ----------------------------------------------------------------------------- Marc Haber | "I don''t trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Debian Bug Tracking System
2006-Mar-16 08:33 UTC
[Adduser-devel] Processed: Re: Bug#357185: More strict checking for sane username
Processing commands for control@bugs.debian.org:> tags #357185 patch confirmed pendingBug#357185: More strict checking for sane username Tags were: patch Tags added: patch, confirmed, pending> thanksStopping processing here. Please contact me if you need assistance. Debian bug tracking system administrator (administrator, Debian Bugs database)
Debian Bug Tracking System
2006-Apr-15 21:13 UTC
[Adduser-devel] Bug#357185: marked as done (More strict checking for sane username)
Your message dated Sat, 15 Apr 2006 13:47:13 -0700 with message-id <E1FUrfl-0001Gl-5F@spohr.debian.org> and subject line Bug#357185: fixed in adduser 3.86 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) -------------- next part -------------- An embedded message was scrubbed... From: Jeroen van Wolffelaar <jeroen@wolffelaar.nl> Subject: More strict checking for sane username Date: Thu, 16 Mar 2006 04:18:54 +0100 Size: 2653 Url: http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20060415/94fc2539/attachment-0002.mht -------------- next part -------------- An embedded message was scrubbed... From: Marc Haber <mh+debian-packages@zugschlus.de> Subject: Bug#357185: fixed in adduser 3.86 Date: Sat, 15 Apr 2006 13:47:13 -0700 Size: 3560 Url: http://lists.alioth.debian.org/pipermail/adduser-devel/attachments/20060415/94fc2539/attachment-0003.mht