[Bug 224556] pw(8) does not check semantics of name
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri Jan 5 22:41:41 UTC 2018
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224556
--- Comment #2 from Bernard Steiner <bernard.steiner at de.lahmeyer.com> ---
(In reply to Brooks Davis from comment #1)
Yes, no checking for dots.
Using solely this list of forbidden characters, one can still construct the
user names "." and ".." and "pw useradd .." does The Evil Thing.
(I Did This, but then refrained from using pw userdel for the obvious reason.)
I would argue that passing garbage for "-d dir" is different in that the
checking of the garbage is up to the invoker of the command.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list