From nobody@FreeBSD.org  Fri Jan 13 17:09:52 2006
Return-Path: <nobody@FreeBSD.org>
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 2843A16A42D
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 13 Jan 2006 17:09:52 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (www.freebsd.org [216.136.204.117])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 0B51A43D8B
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 13 Jan 2006 17:09:47 +0000 (GMT)
	(envelope-from nobody@FreeBSD.org)
Received: from www.freebsd.org (localhost [127.0.0.1])
	by www.freebsd.org (8.13.1/8.13.1) with ESMTP id k0DH9kNP047932
	for <freebsd-gnats-submit@FreeBSD.org>; Fri, 13 Jan 2006 17:09:46 GMT
	(envelope-from nobody@www.freebsd.org)
Received: (from nobody@localhost)
	by www.freebsd.org (8.13.1/8.13.1/Submit) id k0DH9kLg047931;
	Fri, 13 Jan 2006 17:09:46 GMT
	(envelope-from nobody)
Message-Id: <200601131709.k0DH9kLg047931@www.freebsd.org>
Date: Fri, 13 Jan 2006 17:09:46 GMT
From: Werner Garca <werner@osi.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Adding a user named ".."
X-Send-Pr-Version: www-2.3

>Number:         91762
>Category:       bin
>Synopsis:       vipw(8): it is possible to add a user named ".."
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-bugs
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Fri Jan 13 17:20:08 GMT 2006
>Closed-Date:    Sat Feb 23 02:59:33 UTC 2008
>Last-Modified:  Sat Feb 23 02:59:33 UTC 2008
>Originator:     Werner Garca
>Release:        5.4
>Organization:
OSI de Guatemala, S.A.
>Environment:
FreeBSD kerberos.gua.net 5.4-RELEASE FreeBSD 5.4-RELEASE #0: Wed Aug 10 19:09:11 CST 2005     root@kerberos.gua.net:/usr/src/sys/i386/compile/FIREWALL  i386
>Description:
My question is:

Why can one add a user named "." or ".." with all the problems that this can cause?

Thanks.

>How-To-Repeat:
pw useradd ".."
>Fix:
Modify the user creation mechanisms to disable the use of user names ".", ".." and other critical symbols that have meaning to the operating system.
>Release-Note:
>Audit-Trail:

From: Ceri Davies <ceri@submonkey.net>
To: Werner GarcXa <werner@osi.net>
Cc: freebsd-gnats-submit@FreeBSD.org
Subject: Re: misc/91762: Adding a user named ".."
Date: Sat, 14 Jan 2006 13:08:05 +0000

 This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
 --Apple-Mail-2-23095973
 Content-Transfer-Encoding: 7bit
 Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
 
 
 On 13 Jan 2006, at 17:09, Werner GarcXa wrote:
 >
 
 > My question is:
 >
 > Why can one add a user named "." or ".." with all the problems that  
 > this can cause?
 
 a) There is no way to stop you
 b) UNIX generally gives you enough rope to hang yourself, should you  
 really want to.
 
 More importantly, what problems does it cause?  Perhaps we can fix  
 them elsewhere,
 
 
 > Modify the user creation mechanisms to disable the use of user  
 > names ".", ".." and other critical symbols that have meaning to the  
 > operating system.
 
 Aye, there's the rub.
 
 Ceri
 
 --Apple-Mail-2-23095973
 content-type: application/pgp-signature; x-mac-type=70674453;
 	name=PGP.sig
 content-description: This is a digitally signed message part
 content-disposition: inline; filename=PGP.sig
 content-transfer-encoding: 7bit
 
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1.4.1 (Darwin)
 
 iD8DBQFDyPe2me8yCsQvJJ0RAlmJAKC0liS0gx7UISpQCzXaaPBcnwygkgCgn1SK
 nF7ycXF3hF1w0Q8tKcDYdHA=
 =DMmV
 -----END PGP SIGNATURE-----
 
 --Apple-Mail-2-23095973--
State-Changed-From-To: open->closed 
State-Changed-By: linimon 
State-Changed-When: Sat Feb 23 02:58:35 UTC 2008 
State-Changed-Why:  
Feedback timeout (~2 years).  The response was a "this is not recommended." 

http://www.freebsd.org/cgi/query-pr.cgi?pr=91762 
>Unformatted:
