> daemon_create_user_authorized_cb() lacks a "--" in the argument
builder, so accounts with a leading dash will be taken as an argument:
looking at adduser's source code, I see this comment:
(gtx("%s: To avoid problems, the username should consist only of
letters, digits, underscores, periods, at signs and dashes, and not start with
a dash (as defined by IEEE Std 1003.1-2001).
So I guess we don't want to fix that. It works perfectly adding users
with '-' and '_' in the name.
> Additionally, nothing validates the contents of user_name and
real_name ("useradd" should, but best to do _some_ sanity checking).
the user accounts panel in gnome-control-center does check the
user_name, and also accountsservice itself uses the regexp to check the
validity of the user_name
> I see no way for the daemon to shut down during a package upgrade (and
the associated postinst to perform that).
ok, added this to the attached package branch
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/785680
Title:
[MIR] accountsservice
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/785680/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
