Savane - Bugs: bug #367, We should sanitize user system... [Gna!]

Savane - Bugs: bug #367, We should sanitize user system...

Group

Main
- Main
- View Members
- Search
Homepage
Download
Docs
- Browse
- Submit
- Edit
- Digest
- Export
- Search
Support
- Browse
- Reset to all open ones
- Submit
- Digest
- Export
- View Statistics
- Search
Mailing Lists
Source Code
- Use Subversion
- Browse Sources Repository
Bugs
- Browse
- Reset to all open ones
- Submit
- Digest
- Export
- View Statistics
- Search
Tasks
- Browse
- Reset to all open ones
- Submit
- Digest
- Export
- View Statistics
- Search
News
- Browse
- Atom Feed
- Submit
- Manage

Show feedback again

You are not allowed to post comments on this tracker with your current authentification level.

bug #367: We should sanitize user system info (login, full name, SSH key)

Submitted by:	Vincent Caron <zerodeux>
Submitted on:	Tue 04 May 2004 09:16:43 AM UTC

Category:	Backend	Status:	Postponed
Severity:	3 - Normal	Priority:	A - Later
Assigned to:	None	Open/Closed:	Open
Release:		Planned Release:
Reproducibility:	None	Privacy:	Public

Wed 23 May 2007 09:45:22 PM UTC, comment #2:

<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=761">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=761</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=760">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=760</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=759">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=759</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=758">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=758</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=757">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=757</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=756">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=756</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=755">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=755</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=754">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=754</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=753">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=753</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=752">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=752</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=751">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=751</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=750">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=750</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=749">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=749</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=748">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=748</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=747">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=747</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=746">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=746</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=745">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=745</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=744">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=744</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=743">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=743</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=742">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=742</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=741">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=741</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=740">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=740</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=739">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=739</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=738">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=738</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=737">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=737</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=736">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=736</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=735">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=735</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=734">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=734</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=733">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=733</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=732">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=732</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=731">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=731</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=730">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=730</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=729">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=729</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=728">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=728</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=727">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=727</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=726">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=726</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=725">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=725</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=724">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=724</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=723">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=723</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=722">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=722</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=721">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=721</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=720">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=720</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=719">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=719</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=718">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=718</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=717">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=717</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=716">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=716</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=715">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=715</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=714">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=714</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=713">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=713</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=712">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=712</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=711">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=711</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=710">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=710</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=709">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=709</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=708">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=708</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=707">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=707</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=706">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=706</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=705">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=705</a>
<a href="http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=704">http://comp.uark.edu/~kcason/forum/phpBB2/viewtopic.php?t=704</a>

john book <dedes151>

Tue 04 May 2004 10:41:55 AM UTC, comment #1:

"login is 16 chars max, and with restricted charset. ie m:^[a-z][a-z0-9]{0,15}$: (lowercase, only alphanumeric, does not begin with a number)."

This is already the case.

Mathieu Roy <yeupou>
Project Administrator

Project Administrator

Tue 04 May 2004 09:16:43 AM UTC, original submission:

As recently discovered in cvsreport:#364, some special characters in the GECOS fields can be interpreted in some funky ways by funny programs. We should check at least :

- login is 16 chars max, and with restricted charset. ie m:^[a-z][a-z0-9]{0,15}$: (lowercase, only alphanumeric, does not begin with a number).

- GECOS name field should be optionnaly UTF-8'ed, and cannot contain \n or ':', nor escaping chars like ~ or &. Looks like we should require some dumb ASCII alphanumeric here, ie m:^[A-Za-z0-9\-_' ]+$:.

- SSH keys should look 'good', sthg like :

m:^(ssh-rsa|ssh-dss) A[A-Za-z0-9/+]+=+( .*)?$:

(admin note: try root@lisa.gna.org:~/keycheck /chroot/cvs/home)

Vincent Caron <zerodeux>
Project Member

Project Member

No files currently attached

Depends on the following items: None found

Items that depend on this one: None found

Carbon-Copy List

-unavailable- added by dedes151 (Posted a comment)

-unavailable- added by yeupou (Posted a comment)

-unavailable- added by zerodeux (Submitted the item)

Do you think this task is very important?
If so, you can click here to add your encouragement to it.
This task has 0 encouragements so far.

Only logged-in users can vote.

Please enter the title of George Orwell's famous dystopian book (it's a date):

Follow 2 latest changes.

Date	Changed By	Updated Field	Previous Value	=>	Replaced By
Fri 23 Sep 2005 11:02:39 AM UTC	yeupou	Status	None		Postponed
		Priority	-Automatic update due to transitions settings-		A - Later

Show feedback again

Powered by Savane 3.1-cleanup