[Bug 224556] pw(8) does not check semantics of name
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Sat Dec 23 22:21:03 UTC 2017
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224556
Bug ID: 224556
Summary: pw(8) does not check semantics of name
Product: Base System
Version: 11.1-STABLE
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: bin
Assignee: freebsd-bugs at FreeBSD.org
Reporter: bernard.steiner at de.lahmeyer.com
DO NOT TRY THIS ON ANY COMPUTER.
DO NOT TRY THIS AT WORK, NOR AT HOME.
Just noticed the existence of pw(8).
The man page led me to believe it might be "compatible" to the user management
program which was present in DYNIX/ptx, circa 1990 (and nuked at least four
systems back then). I herewith confirm the useradd part at least is
"compatible" to this quarter-century-old bug.
I believe a pw userdel with user names constructed from unchecked pathnames of
such compounds will be somewhat detrimental to the system in question when
doing the equivalent of rm -rf to the home dir.
Would someone with access to the source *please* urgently add checking to the
"name" argument to deny dot, possibly dotdot, and probably also slash.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list