On Wed, Mar 26, 2025 at 08:54:09PM +0100, Pascal Hambourg wrote:
On 24/03/2025 at 20:29, Cyril Brulebois wrote:
Oh wow, that's indeed badly broken, and will need fixing before the next
release. Reproduced locally with a 'û' in my last name:
Mar 24 19:17:59 finish-install: info: Running /usr/lib/finish-install.d/06user-setup
Mar 24 19:17:59 user-setup: Shadow passwords are now on.
Mar 24 20:17:59 chpasswd[8387]: pam_unix(chpasswd:chauthtok): password changed for root
Mar 24 19:17:59 user-setup: invalid characters in Cyril Br\x{fffd}\x{fffd}lebois at /usr/share/perl5/Debian/AdduserCommon.pm line 141.
(...)
No feedback during the installation process, just silent failure to
create the user. :(
Looping in adduser people for awareness and maybe tips. A quick look at
adduser.git suggests sanitation got added end 2024/beginning 2025…
If adduser exists in the target system then user-setup runs
adduser --disabled-password --gecos "$fullname" "$user" || true
else it runs
useradd -c "$fullname" -m "$user" || true
What is the advantage of calling adduser instead of useradd?
Adduser is the Debian way of adding users. useradd has grown additional
capabilities in the three decades since adduser was invented, so the
difference is not so big any more.
IIUC adduser's new sanitation regex for the 'comment' (ex-gecos)
value is defined by:
commentre => qr/["-_\.+!\$%&()\]\[;0-9a-zA-Z\/ ]*/
It looks like only ASCII characters are allowed. Oddly, adduser allows
non ASCII characters in interactive mode. useradd does not seem to
have such restriction for -c.
In interactive mode, it just calls chfn and lets it do the work.
I am open to changing that regexp in adduser. Probably I haven't been
giving appropriate thought about that when introducing the code to
adduser that allows it to run in perl's taint mode. Adduser's test suite
should probably test for weird characters in the comment field as well.
Possible options may include:
- align adduser's comment sanitation regex on useradd
Yes. That would be the way to go. I am open for suggestions. We should
probably allow the complete UTF-8 range (short of control characters)
here.
Greetings
Marc
--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany | lose things." Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature | How to make an American Quilt | Fax: *49 6224 1600421
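
The following is an added example, not part of the original mail and not adduser's code. It runs the commentre pattern quoted above against constructed inputs, next to a hypothetical candidate that accepts any character except control characters, as suggested in the reply. The helper check_comment, the $candidate pattern, the strict UTF-8 decode and the anchored full-string match are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Encode qw(decode);

# Pattern exactly as quoted in the thread: ASCII only.
# Inside the class, "-_ is a range covering 0x22 through 0x5F.
my $commentre = qr/["-_\.+!\$%&()\]\[;0-9a-zA-Z\/ ]*/;

# Hypothetical candidate (assumption, not adduser's fix):
# any character that is not in Unicode category Cc (control).
my $candidate = qr/[^\p{Cc}]*/;

# Hypothetical helper: returns the validated text, or nothing on rejection.
sub check_comment {
    my ($re, $bytes) = @_;
    # Decode strictly so that malformed UTF-8 is rejected instead of
    # being turned into replacement characters and passed along.
    my $text = eval { decode('UTF-8', $bytes, Encode::FB_CROAK) };
    return unless defined $text;
    # Anchored match with a capture group: the usual idiom for
    # untainting a value when running under perl's taint mode.
    return $text =~ /\A($re)\z/ ? $1 : ();
}

# Constructed sample inputs, given as raw bytes the way they would
# arrive from the command line or the environment.
my @samples = (
    [ 'ASCII name',         "Cyril Brulebois"          ],
    [ 'UTF-8 u-circumflex', "Cyril Br\x{c3}\x{bb}lebois" ],
    [ 'BEL control char',   "Cyril\x{07} Brulebois"    ],
    [ 'invalid UTF-8 byte', "Cyril Br\x{fb}lebois"     ],
);

for my $s (@samples) {
    my ($label, $bytes) = @$s;
    my $cur = defined(scalar check_comment($commentre, $bytes)) ? 'ok' : 'reject';
    my $new = defined(scalar check_comment($candidate, $bytes)) ? 'ok' : 'reject';
    printf "%-20s current=%-7s candidate=%s\n", $label, $cur, $new;
}
```

Inputs like these are also the kind of "weird characters in the comment field" cases the reply says adduser's test suite should cover.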