[Pkg-shadow-devel] Length of user names with regard to encoding.
Chris Hofstaedtler
zeha at debian.org
Thu Nov 14 19:53:41 GMT 2024
Hi Marc,
* Marc Haber <mh+pkg-shadow-devel at zugschlus.de> [241110 13:33]:
> Hi,
>
> adduser has been enforcing a 32 character limit for the _encoded_ user
> name. Thus, ффффффффффффффффф (which is 34 bytes long in the encoded
> variant) is invalid from adduser's point of view. We are testing for
> this in the test suite.
I didn't reply because I don't actually know anything here. I meant
to check the useradd/del/mod/... source, but didn't find time yet.
> However, during debugging and improving UTF-8-support, I have found out
> that an account named ффффффффффффффффф _CAN_ be created and seems to
> happily work.
I'm wondering if this working is an accident. The code in src:shadow
might be utf-8 clean, but maybe not "intentionally". Upstream has
some open PRs to generally improve string handling.
> Should we:
>
> - continue to enforce the encoded length of the user name to be < 32
> - limit length of the user name to be < 32 _characters_ regardless
> of how long it is encoded?
> - drop the length limit altogether?
> - something else?
Yeah, don't really know. I kinda expected it to be <32 bytes (not
characters), but that was just my feeling without having checked
anything.
Sorry for not being able to say anything useful.
Chris
More information about the Pkg-shadow-devel
mailing list