[Pkg-shadow-devel] Musings about Usernames in adduser and Debian
Timo Röhling
roehling at debian.org
Fri Nov 22 14:29:24 GMT 2024
Hi,
* Richard Lewis <richard.lewis.debian at googlemail.com> [2024-11-21 22:05]:
>would allowing utf-8 enable some of the abuse described at
>https://lwn.net/Articles/874951/ ?
>
>as usernames appear in logs and other output (and are passed to all
>sorts of commands), it seems a bad idea to be too permissive or to
>change from historic practice by default, even though from a user pov it
>would be nice to have the option
I have no experience with bidirectional attacks, but browsers
mitigate homograph attacks in IDNs by disallowing mixed alphabets
such as Cyrillic and Latin letters in the same name. That seems to
be a reasonable restriction for user names as well.
Cheers
Timo
--
⢀⣴⠾⠻⢶⣦⠀ ╭────────────────────────────────────────────────────╮
⣾⠁⢠⠒⠀⣿⡁ │ Timo Röhling │
⢿⡄⠘⠷⠚⠋⠀ │ 9B03 EBB9 8300 DF97 C2B1 23BF CC8C 6BDD 1403 F4CA │
⠈⠳⣄⠀⠀⠀⠀ ╰────────────────────────────────────────────────────╯
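
The mixed-alphabet restriction suggested in this message, together with a rejection of the bidirectional control characters the quoted question asks about, could look like the sketch below. It is an added example, not part of the original mail and not code from adduser or shadow. The function names and sample names are constructed, the script of a letter is approximated from the first word of its Unicode character name because the Python standard library has no Script property, and the rule is a strict one-script-per-name policy.

```python
import unicodedata

# Bidi embedding/override/isolate classes as reported by unicodedata.bidirectional()
BIDI_CONTROLS = {"LRE", "RLE", "LRO", "RLO", "PDF", "LRI", "RLI", "FSI", "PDI"}

def letter_scripts(name):
    """Approximate the set of scripts used by the letters in `name`.

    Assumption: the first word of the character name ("LATIN", "CYRILLIC",
    "GREEK", ...) stands in for the Unicode Script property.
    Digits, punctuation and combining marks are ignored.
    """
    scripts = set()
    for ch in name:
        if unicodedata.category(ch).startswith("L"):
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts

def check_username(name):
    """Return a list of reasons to reject `name`; an empty list means accepted."""
    problems = []
    name = unicodedata.normalize("NFC", name)
    for ch in name:
        if unicodedata.bidirectional(ch) in BIDI_CONTROLS:
            problems.append(f"bidi control U+{ord(ch):04X}")
        elif unicodedata.category(ch) in ("Cc", "Cf"):
            problems.append(f"invisible/control character U+{ord(ch):04X}")
    scripts = letter_scripts(name)
    if len(scripts) > 1:
        problems.append("mixed scripts: " + ", ".join(sorted(scripts)))
    return problems

# Constructed sample names, written with escapes so the difference is visible
SAMPLES = [
    "roehling",                  # plain ASCII
    "r\u00f6hling",              # Latin with o-diaeresis, still one script
    "\u0438\u0432\u0430\u043d",  # all Cyrillic, one script
    "p\u0430ul",                 # Cyrillic U+0430 hidden among Latin letters
    "ad\u202enim",               # contains RIGHT-TO-LEFT OVERRIDE
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(ascii(sample), check_username(sample) or "ok")
```

Printing each name with ascii() keeps the lookalike and invisible characters visible in the output, which matters when such names end up in logs.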