Bug 448408 - Incorrect test for invalid group/user names
Incorrect test for invalid group/user names
Status: CLOSED NEXTRELEASE
Product: Fedora
Classification: Fedora
Component: sectool (Show other bugs)
9
All Linux
low Severity medium
: ---
: ---
Assigned To: Michel Samia
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-26 11:22 EDT by Miloslav Trmač
Modified: 2008-06-03 08:11 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-06-03 08:11:38 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Miloslav Trmač 2008-05-26 11:22:34 EDT
Description of problem:
The regexp used in "group" to test whether a group name is valid, and in
"passwd" to test whether a user name is valid, is incorrect.  The correct test
(used uniformly in Fedora packages such as libuser and shadow) is:
* total length <= UT_NAMESIZE - 1
* allowed characters are [a-zA-Z0-9], '.', '_', '-'
* first character is not a hyphen
* in addition to the other allowed characters, the last character may be a '$'.

Version-Release number of selected component (if applicable):
sectool-0.7.4-1.i386
Comment 1 Michel Samia 2008-06-02 13:48:17 EDT
Thanks for the report.. Fixed in commits
http://git.fedorahosted.org/git/sectool.git/?p=sectool.git;a=commit;h=e6cdbc15694cc7aea0c6ba9e451eaec48a6d6358
and
http://git.fedorahosted.org/git/sectool.git/?p=sectool.git;a=commit;h=f4a36885b1302a883d439c612c5a8aec2c9bc95d

I watched chkname.c in shadow-utils and I found that even upper-case letters are
not allowed.. so the regex, with which I test it now, is '^[a-z_][a-z0-9_-]*[$]?$'
Comment 2 Miloslav Trmač 2008-06-02 13:57:43 EDT
Please check shadow-4.1.2-goodname.patch, which is used in our packages.  The
rules used by the patch are those I posted above.
Comment 3 Michel Samia 2008-06-03 08:11:38 EDT
OK, I used the regex from the shadow goodname patch, so now it is 
'^[a-zA-Z0-9_.][a-zA-Z0-9_.-]*[a-zA-Z0-9_.$-]?$'. (I don't test the length in
regex, but in another condition to give the user better error message about the
problem).

Note You need to log in before you can comment on or make changes to this bug.