This mail is an automated notification from the bugs tracker of the project: Savane.
/**************************************************************************/ [bugs #367] Full Item Snapshot: URL: <http://gna.org/bugs/?func=detailitem&item_id=367> Project: Savane Submitted by: Vincent Caron On: Tue 05/04/04 at 11:16 Category: Backend Severity: 3 - Average Priority: A - Later Resolution: None Assigned to: None Status: Open Release: Planned Release: Summary: We should sanitize user system info (login, full name, SSH key) Original Submission: As recently discovered in cvsreport:#364, some special characters in the GECOS fields can be interpreted in some funky ways by funny programs. We should check at least : - login is 16 chars max, and with restricted charset. ie m:^[a-z][a-z0-9]{0,15}$: (lowercase, only alphanumeric, does not begin with a number). - GECOS name field should be optionnaly UTF-8'ed, and cannot contain n or ':', nor escaping chars like ~ or &. Looks like we should require some dumb ASCII alphanumeric here, ie m:^[A-Za-z0-9-_' ]+$:. - SSH keys should look 'good', sthg like : m:^(ssh-rsa|ssh-dss) A[A-Za-z0-9/+]+=+( .*)?$: (admin note: try [EMAIL PROTECTED] /chroot/cvs/home) For detailed info, follow this link: <http://gna.org/bugs/?func=detailitem&item_id=367> _______________________________________________ Message sent via/by Gna! http://gna.org/
