Forbid backslashes in user/group-names

They can still be used with --force-badname, but it's a start. In the
long run I want to remove our relax patch, and upstream should fix the
line continuation too. For #1076619.

Gbp-Dch: full
This commit is contained in:
Chris Hofstaedtler
2024-07-21 21:02:52 +02:00
parent 0d4266dc81
commit 08e5e0a148

@@ -2,10 +2,10 @@ From: Shadow package maintainers <pkg-shadow-devel@lists.alioth.debian.org>
Date: Sat, 22 Jun 2024 17:39:41 +0200
Subject: Relax usernames/groupnames checking
Allows any non-empty user/grounames that don't contain ':', ',' or '\n'
characters and don't start with '-', '+', or '~'. This patch is more
restrictive than original Karl's version. closes: #264879
Also closes: #377844
Allows any non-empty user/grounames that don't contain ':', ',', '\\' or
'\n' characters and don't start with '-', '+', or '~'. This patch is
more restrictive than original Karl's version. closes: #264879 Also
closes: #377844
Comments from Karl Ramm (shadow 1:4.0.3-9, 20 Aug 2003 02:06:50 -0400):
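Review bot: The rewritten description paragraph carries the typo "grounames" over into the new text; since these lines are being rewrapped anyway, change it to "groupnames". The same paragraph still lists only '\n' as a forbidden whitespace character, while the check in lib/chkname.c further down rejects every character for which isspace() is true, so the header understates what the patch refuses. Suggest wording it as "':', ',', '\\' or whitespace" so the description and the code agree.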
@@ -22,7 +22,7 @@ Status wrt upstream: Debian specific. Not to be used upstream
3 files changed, 29 insertions(+), 32 deletions(-)
diff --git a/lib/chkname.c b/lib/chkname.c
index 995562f..d9678c6 100644
index 995562f..9954410 100644
--- a/lib/chkname.c
+++ b/lib/chkname.c
@@ -54,44 +54,27 @@ static bool is_valid_name (const char *name)
@@ -51,7 +51,7 @@ index 995562f..d9678c6 100644
+ * portable filename character set [A-Za-z0-9._-], and that the hyphen
+ * should not be used as the first character of a portable user name.
+ *
+ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\s][^:,\s]*$
+ * Allow more relaxed user/group names in Debian -- ^[^-~+:,\\\s][^:,\\\s]*$
+ */
+ if ( ('\0' == *name)
+ || ('-' == *name)
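Review bot: The updated regex in the comment, `^[^-~+:,\\\s][^:,\\\s]*$`, gives no reason for the newly excluded backslash, and the run `\\\s` is easy to misread as a single escape. Add one line to the comment saying that backslash is rejected and why (the commit message points at line continuation and #1076619), and consider spelling out the forbidden set in words next to the regex so a reader does not have to decode the escaping.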
@@ -72,7 +72,7 @@ index 995562f..d9678c6 100644
- (*name == '$' && name[1] == '\0')
- )) {
+ do {
+ if ((':' == *name) || (',' == *name) || isspace(*name)) {
+ if ((':' == *name) || (',' == *name) || ('\\' == *name) || isspace(*name)) {
return false;
}
- numeric &= isdigit(*name);
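Review bot: The changed condition still calls `isspace(*name)` on a plain `char`; where `char` is signed, any byte above 0x7f in a name reaches isspace() as a negative value, which is undefined behaviour for the <ctype.h> functions. Since this line is being touched, cast the argument: `isspace((unsigned char) *name)`. The added `('\\' == *name)` test sits inside the `do {` loop, so it rejects a backslash at any position, which matches the regex in the comment above.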