Package: passwd Version: 1:4.0.3-31sarge9 Severity: important Tags: patch (Despite the similarity in domain name, I am not in any way affiliated with Ubuntu or Canonical Ltd.)
useradd allows users to be created with spaces in their usernames. Worse, all the utilities to delete users can't delete users with spaces in their usernames. I don't think spaces should be valid in usernames, so below is a patch that mostly fixes the problem. " foo" and "foo " are rejected, but "f: oo" is not. I'm not sure about why things were ifdef'ed out in libmisc/chkname.c, but there is probably a more elegant solution. This problem is also present in 4.0.18.1-5 from unstable, but I'm not running unstable. The patch is similar, though the proper place to add a similar patch is debian/patches/506_relaxed_usernames. I filed this bug with Ubuntu (https://bugs.launchpad.net/distros/ubuntu/+source/shadow/+bug/71242) and included a patch there. Here is a patch for sarge: --- shadow-4.0.3/libmisc/chkname.c 2006-11-27 18:22:03.000000000 -0500 +++ shadow-4.0.3-paulv/libmisc/chkname.c 2006-11-27 18:17:50.000000000 -0500 @@ -37,12 +37,20 @@ } #endif /* seeing no sufficiently good reason for the above... */ + + /* leading space */ + if (*name == ' ') + return 0; + if (*name == '-') return 1; - while (*++name) + + while (*++name) { + if (*name == ' ') + return 0; if (*name == ':') return 1; - + } return 1; } -- System Information: Debian Release: 3.1 Architecture: i386 (i686) Kernel: Linux 2.4.33.1-grsec Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968) Versions of packages passwd depends on: ii libc6 2.3.2.ds1-22sarge4 GNU C Library: Shared libraries an ii libpam-modules 0.76-22 Pluggable Authentication Modules f ii libpam0g 0.76-22 Pluggable Authentication Modules l ii login 1:4.0.3-31sarge9 system login tools -- debconf information: passwd/password-mismatch: passwd/username: passwd/password-empty: passwd/make-user: true passwd/md5: false passwd/shadow: true passwd/username-bad: passwd/user-fullname: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]