[lug] Allowed Characters in passwd for comment (full name)

George Sexton georges at mhsoftware.com
Wed Jan 20 10:28:23 MST 2016



On 1/20/2016 9:46 AM, David L. Anselmi wrote:
> George Sexton wrote:
>> So I've found out today that a : is probably not an allowed character 
>> in the password file for the
>> user comment field.
>>
>> Does anyone know of any others I should be looking for?
>
> The man page doesn't say.  Since : is the delimiter it would at least 
> have to be escaped to use in a field.  But my sense is that passwd(5) 
> predates that sort of convention.
>
> I guess you'd have to look at the code to know for sure but here are 
> some guesses:
>
> Nul, because it's the delimiter for C strings.
>
> non-ASCII characters.  Without a spec it's probably safe to assume the 
> file is ASCII.  But maybe other encodings are supported.  So is it 7 
> bit ASCII or 8?

It appears to be UTF-8. I'm looking at my file, and I have accented 
characters and Chinese characters co-existing.

>
> non-printable ASCII characters.  These may be handled by now but there 
> was probably an assumption once that comments would be printable 
> characters.

Drat. I suppose I better think about sanitizing input a little more. I 
think char < ' ' and char!=':' should cover it then.

I have a calendar signup form and it erred out because someone put a 
smiley :-) in the customer name field.


>
> If you do happen to look at the source you might submit a patch to the 
> man page to document what you find.
>
> Dave

-- 
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com
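
The check discussed in this thread, as an added example that is not part of the original message: a validator for a value headed for the passwd(5) comment field that rejects the `:` delimiter and control characters (NUL and line breaks included) while leaving UTF-8 text alone. The function names and sample values are constructed for illustration; the optional comma check assumes the common convention that tools such as chfn split the comment field into comma-separated subfields.

```python
import unicodedata

PASSWD_FIELDS = 7  # name:password:UID:GID:comment:directory:shell


def gecos_problems(value, reject_comma=False):
    """Return (position, reason) pairs for characters unsafe in the comment field."""
    problems = []
    for pos, ch in enumerate(value):
        if ch == ":":
            problems.append((pos, "colon is the passwd field delimiter"))
        elif ch in "\r\n":
            problems.append((pos, "line break would start a new passwd record"))
        elif ch == "\x00":
            problems.append((pos, "NUL terminates C strings"))
        elif unicodedata.category(ch) == "Cc":
            problems.append((pos, "control character"))
        elif reject_comma and ch == ",":
            # Assumption: caller wants the whole value kept in one subfield.
            problems.append((pos, "comma separates comment subfields"))
    return problems


def sanitize_gecos(value, reject_comma=False):
    """Drop flagged characters; accented and CJK characters pass through."""
    bad = {pos for pos, _ in gecos_problems(value, reject_comma)}
    return "".join(ch for i, ch in enumerate(value) if i not in bad).strip()


def passwd_line(name, uid, gid, gecos, home, shell):
    """Build one passwd record, refusing a comment that would corrupt it."""
    problems = gecos_problems(gecos)
    if problems:
        raise ValueError(f"unsafe comment field: {problems}")
    return ":".join([name, "x", str(uid), str(gid), gecos, home, shell])


if __name__ == "__main__":
    # Constructed sample input, including the smiley case from the thread.
    for sample in ["Jane :-) Doe", "José 李\n", "Ann\x07 Lee", "Bob Roe"]:
        print(repr(sample), gecos_problems(sample), repr(sanitize_gecos(sample)))
    print(passwd_line("bob", 1001, 1001, "Bob Roe", "/home/bob", "/bin/sh"))
```

Rejecting the input with a message to the user is usually preferable to silently stripping characters from a name; `sanitize_gecos` is there for cases where the value must be stored regardless.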