https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224556

--- Comment #2 from Bernard Steiner <[email protected]> ---
(In reply to Brooks Davis from comment #1)
Yes, no checking for dots.
Using solely this list of forbidden characters, one can still construct the
user names "." and ".." and "pw useradd .." does The Evil Thing.
(I Did This, but then refrained from using pw userdel for the obvious reason.)
I would argue that passing garbage for "-d dir" is different in that the
checking of the garbage is up to the invoker of the command.

-- 
You are receiving this mail because:
You are the assignee for the bug.
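The gap described in this comment, as an added example that is not FreeBSD's pw code and not part of the original message: a check built only on a forbidden-character list accepts "." and "..", while a check that also refuses those two path components does not. The `FORBIDDEN` set, the function names and the `/home` base directory are assumptions made for illustration, as is the premise that the name ends up as a path component.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed forbidden-character set for illustration; not copied from pw(8). */
static const char FORBIDDEN[] = " ,\t:+&#%$^()!@~*?<>=|\\/\";";

/* Blacklist-only check: passes any non-empty name with no forbidden character. */
bool name_ok_blacklist(const char *name)
{
    if (name == NULL || *name == '\0')
        return false;
    /* strcspn() stops at the first forbidden byte, or at the terminator. */
    return name[strcspn(name, FORBIDDEN)] == '\0';
}

/* Hardened check: additionally refuse the special path components. */
bool name_ok_hardened(const char *name)
{
    if (!name_ok_blacklist(name))
        return false;
    /* Dots inside a name ("a.b") stay legal; only "." and ".." are refused. */
    return strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Derive a directory from the name only after validation (hypothetical helper). */
bool home_path(const char *base, const char *name, char *out, size_t outlen)
{
    if (!name_ok_hardened(name))
        return false;
    int n = snprintf(out, outlen, "%s/%s", base, name);
    return n > 0 && (size_t)n < outlen;   /* reject truncated paths */
}

int main(void)
{
    /* Constructed sample names. */
    const char *samples[] = { "alice", "a.b", ".", "..", "a/b" };
    char path[64];

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        bool ok = home_path("/home", samples[i], path, sizeof(path));
        printf("%-6s blacklist=%d hardened=%d path=%s\n", samples[i],
            name_ok_blacklist(samples[i]), name_ok_hardened(samples[i]),
            ok ? path : "(rejected)");
    }
    return 0;
}
```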