Date: Fri, 13 Jan 2006 17:09:46 GMT From: Werner García <werner@osi.net> To: freebsd-gnats-submit@FreeBSD.org Subject: misc/91762: Adding a user named ".." Message-ID: <200601131709.k0DH9kLg047931@www.freebsd.org> Resent-Message-ID: <200601131720.k0DHK9w1097066@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 91762 >Category: misc >Synopsis: Adding a user named ".." >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Fri Jan 13 17:20:08 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Werner García >Release: 5.4 >Organization: OSI de Guatemala, S.A. >Environment: FreeBSD kerberos.gua.net 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Wed Aug 10 19:09:11 CST 2005 root@kerberos.gua.net:/usr/src/sys/i386/compile/FIREWALL i386 >Description: My question is: Why can one add a user named "." or ".." with all the problems that this can cause? Thanks. >How-To-Repeat: pw useradd ".." >Fix: Modify the user creation mechanisms to disable the use of user names ".", ".." and other critical symbols that have meaning to the operating system. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200601131709.k0DH9kLg047931>