[Savane-dev] [bugs #367] We should sanitize user system info (login, full name, SSH key)

Tue, 04 May 2004 12:45:40 +0200 

This mail is an automated notification from the bugs tracker
 of the project: Savane.

/**************************************************************************/
[bugs #367] Latest Modifications:

Changes by: 
                Mathieu Roy <[EMAIL PROTECTED]>
'Date: 
                mar 04.05.2004 à 12:41 (Europe/Paris)

------------------ Additional Follow-up Comments ----------------------------
"login is 16 chars max, and with restricted charset. ie 
m:^[a-z][a-z0-9]{0,15}$: (lowercase, only alphanumeric, does not begin with a 
number)."



This is already the case. 






/**************************************************************************/
[bugs #367] Full Item Snapshot:

URL: <http://gna.org/bugs/?func=detailitem&item_id=367>
Project: Savane
Submitted by: Vincent Caron
On: mar 04.05.2004 à 11:16

Category:  Backend
Severity:  3 - Average
Priority:  A - Later
Resolution:  None
Assigned to:  None
Status:  Open
Release:  
Planned Release:  


Summary:  We should sanitize user system info (login, full name, SSH key)

Original Submission:  As recently discovered in cvsreport:#364, some special 
characters in the GECOS fields can be interpreted in some funky ways by funny 
programs. We should check at least :



- login is 16 chars max, and with restricted charset. ie 
m:^[a-z][a-z0-9]{0,15}$: (lowercase, only alphanumeric, does not begin with a 
number).



- GECOS name field should be optionnaly UTF-8'ed, and cannot contain n or ':', 
nor escaping chars like ~ or &. Looks like we should require some dumb ASCII 
alphanumeric here, ie m:^[A-Za-z0-9-_' ]+$:.



- SSH keys should look 'good', sthg like :



m:^(ssh-rsa|ssh-dss) A[A-Za-z0-9/+]+=+( .*)?$:



(admin note: try [EMAIL PROTECTED] /chroot/cvs/home)



Commentaires :
------------------


-------------------------------------------------------
Date: mar 04.05.2004 à 12:41        By: yeupou
"login is 16 chars max, and with restricted charset. ie 
m:^[a-z][a-z0-9]{0,15}$: (lowercase, only alphanumeric, does not begin with a 
number)."



This is already the case. 












For detailed info, follow this link:
<http://gna.org/bugs/?func=detailitem&item_id=367>

_______________________________________________
  Message sent via/by Gna!
  http://gna.org/

Reply via email to