[1835] in Moira
Re: chfn changes
daemon@ATHENA.MIT.EDU (Garry Zacheiss)
Fri Jul 27 03:34:03 2001
Message-Id: <200107270734.DAA17343@brad-majors.mit.edu>
To: Jonathon Weiss <jweiss@MIT.EDU>
cc: Garry Zacheiss <zacheiss@MIT.EDU>, moiradev@MIT.EDU
In-Reply-To: Your message of "Thu, 26 Jul 2001 20:33:02 EDT."
<200107270033.UAA08382@the-other-woman.mit.edu>
Date: Fri, 27 Jul 2001 03:34:00 -0400
From: Garry Zacheiss <zacheiss@MIT.EDU>
>> The only concern I have is that something makes assumptions about the
>> format of this that chfn had been enforcing. finger doesn't seem to
>> have a problem with jhawk right now though. I'm a little concerned
>> about weird characters making it into a passwd file entry. I think
>> we probably ought to prevent comma and colon at the least.
If you look at chfn.c, you'll see that in the code immediately prior
to what was deleted (in ask()), we check and disallow double quotes,
colons, commas, and control characters for all fields; the code I
removed was doing additional (wrong) checking on phone number
information.
Garry
