Package: adduser
Version: 3.85
Severity: wishlist
Tags: patch

adduser's regex for checking usernames is too lax: it accepts empty
usernames, and usernames starting with a dash, in violation of some IEEE
standard. Please see this patch.

Thanks to Brendan O'Dea for the standards reference.

Thanks,
--Jeroen

--- adduser.orig        2006-03-16 04:05:56.224840752 +0100
+++ adduser     2006-03-16 04:12:30.877625373 +0100
@@ -730,11 +730,12 @@
 # check if the given name matches some sanity checks
 sub checkname {
     my ($name) = @_;
-    if ($name !~ /^[-_\.A-Za-z0-9]*\$?$/) {
+    if ($name !~ /^[_.A-Za-z0-9][-_.A-Za-z0-9]*\$?$/) {
        print STDERR
 ("$0: ",gtx("To avoid problems, the username should consist of
-letters, digits, underscores, periods and dashes. For compatibility with
-Samba machine accounts \$ is also supported at the end of the username\n"));
+letters, digits, underscores, periods and dashes, and not start with a
+dash (as defined by IEEE Std 1003.1-2001). For compatibility with Samba
+machine accounts \$ is also supported at the end of the username\n"));
        exit 1;
     }
     if ($name !~ qr/$config{"name_regex"}/) {
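
Review bot: the new pattern on the added `if ($name !~ /^[_.A-Za-z0-9][-_.A-Za-z0-9]*\$?$/)` line still ends in a bare `$`, which in Perl also matches just before a trailing newline, so a name with a newline appended still passes checkname; anchoring the end with `\z` instead of the final `$` would close that. The leading class `[_.A-Za-z0-9]` also keeps the period, so "." and ".." are accepted as usernames; if that is not intended, drop `.` from the first-character class or reject those two names explicitly. The updated message explains the leading-dash rule but does not say that an empty name is now rejected too, which is worth a word since it is the other behaviour change in this hunk.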

-- 
Jeroen van Wolffelaar
[EMAIL PROTECTED]
http://jeroen.A-Eskwadraat.nl

