On Thu, Dec 05, 2024 at 14:34:21 +0100, Alejandro Colomar wrote:
The best mitigation for those attacks is to ban the names altogether.
IMO, setuid programs should not accept Unicode.
Today, not many people want to live in the past and accept simply ASCII
if their name needs a bigger character
Marc wrote:
> On Tue, Dec 03, 2024 at 08:41:06PM +0100, Étienne Mollier wrote:
> > Marc Haber, on 2024-12-03:
> > > I'll probably deprecate --allow-bad-names in favor of something that
> > > doesn't use the word "bad" (suggestions appreciated). Otoh, adduser in
> > > the Red Hat World uses --badnam
Hi Marc,
> Homograph attacks would be best mitigated in software reading
> /etc/passwd, alerting in their output or logs that the user name they
> just printed was composed of strange alphabets.
Software that reads /etc/passwd or /etc/shadow is quite sensitive, and
should therefore be as simple a