[Bug 224556] pw(8) does not check semantics of name

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224556

            Bug ID: 224556
           Summary: pw(8) does not check semantics of name
           Product: Base System
           Version: 11.1-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: bernard.steiner at de.lahmeyer.com

DO NOT TRY THIS ON ANY COMPUTER.
DO NOT TRY THIS AT WORK, NOR AT HOME.
Just noticed the existence of pw(8).
The man page led me to believe it might be "compatible" to the user management
program which was present in DYNIX/ptx, circa 1990 (and nuked at least four
systems back then). I herewith confirm the useradd part at least is
"compatible" to this quarter-century-old bug.
I believe a pw userdel with user names constructed from unchecked pathnames of
such compounds will be somewhat detrimental to the system in question when
doing the equivalent of rm -rf to the home dir.

Would someone with access to the source *please* urgently add checking to the
"name" argument to deny dot, possibly dotdot, and probably also slash.

-- 
You are receiving this mail because:
You are the assignee for the bug.