On Mon, 10.07.17 21:15, Michael Chapman (m...@very.puzzling.org) wrote:

> > Now, I do think that systemd has the duty to complain about any system
> > user names outside of the safe range. Not only for security reasons,
> > but also for portability and compatibility reasons: I think we should
> > ensure that unit files remain portable, and hence we should try to
> > filter out early stuff that's unlikely going to work outside of the
> > local scope.
>
> I'm curious as to what you consider portability and compatibility
> here.

I want units written on a system A to be likely to work on a system
B. And this means that making use of concepts that are valid on A but
knowingly invalid on B is something we should complain loudly
about. Sure, there are always limitations to make things portable. But
this specific issue is an easy one, and a widely understood one
(again: google for it).

> But there are less obviously bad usernames, because -- as you point out --
> they're _actually in use already_. I myself already have systems with
> usernames that begin with a digit; I don't want those systems to suddenly
> break just because I update the Linux release to something that runs
> systemd. (In practice they probably won't break, since I'm unlikely to write
> system units for these users. But the principle of the matter
> stands.)

Well, it took 3 years or so, until someone noticed the strict rules we
enforce. I seriously doubt that naming system users in such unsafe
ways is really that widespread usage.

> Sorry, but I really can't see how forbidding usernames like "joe.hacker" or
> "0day" improves security. As you said, they're perfectly valid
> usernames.

Did I say that? I really don't think they are "perfectly valid"! They
are questionable on all levels. And if people use them for regular
users that's fine for them, but for system users I think stricter
requirements need to apply.

But anyway, I doubt we have to continue this here, we have different
understandings of security. I think validation is a good thing, and
filtering out dangerous strings early is a good thing. People can
always shoot themselves in the foot, and you have every right to, but
I really doubt this easy, well understood superficial check is the
right place to insist that the right to shoot yourself in the foot
is more important than the intention to secure things down.

Lennart

-- 
Lennart Poettering, Red Hat