[issue4859] pwd, spwd, grp functions vulnerable to denial of service
STINNER Victor
report at bugs.python.org
Wed Jan 7 12:05:48 CET 2009
STINNER Victor <victor.stinner at haypocalc.com> added the comment:
> it's conceivable that arbitrary data could even be
> placed in the username field.
On Ubuntu, it's not possible to create an user with a non-ASCII name:
$ sudo adduser é --no-create-home
adduser: To avoid problems, the username should consist only of
letters, digits, underscores, periods, at signs and dashes, and not
start with a dash (as defined by IEEE Std 1003.1-2001). For
compatibility with Samba machine accounts $ is also supported at
the end of the username
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue4859>
_______________________________________
More information about the Python-bugs-list
mailing list