[systemd-devel] Github systemd issue 6237
Jan Synacek
jsynacek at redhat.com
Tue Jul 11 10:41:07 UTC 2017
On Mon, Jul 10, 2017 at 4:41 PM, Lennart Poettering
<lennart at poettering.net> wrote:
> On Mon, 10.07.17 15:58, Lennart Poettering (lennart at poettering.net) wrote:
>
>> On Mon, 10.07.17 15:16, Jan Synacek (jsynacek at redhat.com) wrote:
>>
>> > On Mon, Jul 10, 2017 at 12:42 PM, Lennart Poettering
>> > <lennart at poettering.net> wrote:
>> > > Now, because this is so weakly defined, we hence do not follow POSIX
>> > > rules, but filter out more that might be dangerous. Specifically:
>> > >
>> > > 1. We do not permit empty usernames
>> > > 2. We don't permit the first character to be numeric
>> > > (This also filters out fully numeric user names)
>> > > 3. We do not permit dots in usernames, neither at the beginning nor in
>> > > the middle.
>> > > 4. We do not permit "-" at the beginning of usernames (something which
>> > > POSIX explicitly suggests, btw)
>> > > 5. We require that the user name fits in the utmp user name field, so
>> > > that we can always log properly about it.
>> >
>> > Is this documented somewhere? If not, it would be great to have it
>> > documented. I'm pretty sure that this exact paragraph would be ok.
>>
>> There's a longer (and not entirely complete) comment about this in the
>> sources, but other than that it's not explicitly documented.
>>
>> If you prep a patch that adds this to the User=/Group= man page, this
>> would certainly be welcome. However, it should be reworded, as we
>> shouldn't say "We" there, and probably drop explicit references to
>> POSIX and utmp there, and instead just dryly state the accepted
>> character set + minimum and maximum string lengths.
>
> I have posted a PR documenting this just now:
>
> https://github.com/systemd/systemd/pull/6321
Thanks for the fast response!
--
Jan Synacek
Software Engineer, Red Hat