On Sun, 2005-02-06 at 12:15 +0100, Marc Haber wrote: > By default, adduser will verify the user against a configurable > regexp, default being the most conservative ^[a-z][a-z0-9\-]*$. The > --force-badname option will change the regexp to a hardcoded > ^[-\._A-Za-z0-9]*\$?$, allowing users to happily hang themselves. This > gives the somewhat funny situation that the default can be configured > to be less restrictive than --force-badname, but I doubt that it would > be sensible to have --force-badname turn off all checks.
How about adding an additional check to the code path without --force-badname that checks that the username is a valid POSIX username. That is, make it check against the configurable regexp only when --force-badname is not given, and against the hardcoded one in both occasions. This would avoid the "funny situation" and not break any POSIX-following tools. -- Petri Latvala
signature.asc
Description: This is a digitally signed message part