[lug] Allowed Characters in passwd for comment (full name)
George Sexton
georges at mhsoftware.com
Wed Jan 20 10:28:23 MST 2016
On 1/20/2016 9:46 AM, David L. Anselmi wrote:
> George Sexton wrote:
>> So I've found out today that a : is probably not an allowed character
>> in the password file for the
>> user comment field.
>>
>> Does anyone know of any others I should be looking for?
>
> The man page doesn't say. Since : is the delimiter it would at least
> have to be escaped to use in a field. But my sense is that passwd(5)
> predates that sort of convention.
>
> I guess you'd have to look at the code to know for sure but here are
> some guesses:
>
> Nul, because it's the delimiter for C strings.
>
> non-ASCII characters. Without a spec it's probably safe to assume the
> file is ASCII. But maybe other encodings are supported. So is it 7
> bit ASCII or 8?
It appears to be UTF-8. I'm looking at my file, and I have accented
characters and Chinese characters co-existing.
>
> non-printable ASCII characters. These may be handled by now but there
> was probably an assumption once that comments would be printable
> characters.
Drat. I suppose I better think about sanitizing input a little more. I
think char < ' ' and char!=':' should cover it then.
I have a calendar signup form and it erred out because someone put a
smily :-) in the customer name field.
>
> If you do happen to look at the source you might submit a patch to the
> man page to document what you find.
>
> Dave
> _______________________________________________
> Web Page: http://lug.boulder.co.us
> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> Join us on IRC: irc.hackingsociety.org port=6667 channel=#hackingsociety
>
--
George Sexton
*MH Software, Inc.*
Voice: 303 438 9585
http://www.mhsoftware.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.lug.boulder.co.us/pipermail/lug/attachments/20160120/3474b01e/attachment.html>
More information about the LUG
mailing list