• Bug#1101678: testsuite should test for weird characters in comment fiel

    From Marc Haber@21:1/5 to Marc Haber on Tue May 6 10:00:01 2025
    Control: severity -1 serious
    Control: retitle -1 problems with filtering/sanitizing input without libperl5.40
    thanks

    Justification: affects the installer

    On Sun, Mar 30, 2025 at 09:21:32AM +0200, Marc Haber wrote:
    > We should test that adduser does the right things when weird characters
    > are given in the comment field.

    This has turned out to be a major issue, affecting the installer. The
    issue is that adduser, in the installer, runs with a rather minimal
    version of perl. For example, libperl is not installed there. The
    adduser code already has a number of places where it runs with less
    functionality if certain libraries are not found at run time.

    Without libperl, regular expression processing seems to be rather
    limited. Especially, Unicode character classes like \p{L} don't seem to
    properly work, so it is hard to sanitize input that goes beyond
    US-ASCII. This is especially annoying with the comment field, where the
    real name of a new user is entered, and such, Thœmaß O'Málley can't have
    their real name entered in the installer.

    To make things worse, it is possible to install with a UTF-8 locale
    without libperl, so that the perl code sees UTF-8 characters as two
    characters, making it even impossible to match on \x{a0}-\x{ff} (the
    ISO-8859 range where international characters are placed). Short of
    implementing my own UTF-8 parser, there is no easy way to handle this.

    Thankfully, adduser doesn't really do anything with the comment short of
    handing it down to chfn. Therefore, a possible solution is to leave the
    comment from the command line tainted as it was read, and just remove
    the taint without doing any sanitation right before the call to the
    low-level tool (which will be changed to usermod -c in the process). The
    system() call is constructed with the command line already separated
    into an array and therefore usermod is called without a shell. Thus,
    adduser doesn't need to worry about weird characters here and leaves the
    pain to usermod (which is a compiled binary and thus is in a much better
    position to do safety checks in the installer).

    Greetings
    Marc

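The approach described in the message above, sketched as an added example that is not part of the original message and is not adduser's code: the comment stays tainted until just before the call, the taint is removed without changing a byte, and the value is passed as one element of a list to system() so that no shell ever parses it. Assumptions: /usr/bin/printf stands in for usermod -c, the helper names untaint_verbatim and run_without_shell are hypothetical, and the sample comment is constructed.

```perl
#!/usr/bin/perl
# Added example, not adduser's code. Run as:  perl -T example.pl 'Some Name'
use strict;
use warnings;

# Taint mode refuses to run a child with a tainted environment, so pin
# PATH and drop the variables that can change how a shell behaves.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Constructed sample: a UTF-8 encoded name as raw bytes, followed by shell
# metacharacters. A value taken from @ARGV is tainted under -T.
my $sample  = "Th\xc5\x93ma\xc3\x9f O'M\xc3\xa1lley; \$(id) `id`";
my $comment = @ARGV ? $ARGV[0] : $sample;

# Remove the taint flag without altering the value. The capture group
# matches every byte (/s lets "." match newlines), so nothing is filtered
# and no Unicode-aware regex support is needed.
sub untaint_verbatim {
    my ($value) = @_;
    my ($copy) = $value =~ /\A(.*)\z/s;
    return $copy;
}

# Hypothetical stand-in for "usermod -c COMMENT USER": printf(1) echoes the
# argument it received, so the output shows exactly what the child saw.
sub run_without_shell {
    my ($arg) = @_;
    my @cmd = ('/usr/bin/printf', '%s\n', $arg);
    # Indirect-object form: perl executes $cmd[0] directly with @cmd as its
    # argument vector. Quotes, ";", "$()" and backticks in $arg are plain
    # bytes of a single argument because no shell is involved.
    my $rc = system { $cmd[0] } @cmd;
    return $rc == 0;
}

if (${^TAINT} && @ARGV) {
    # Under -T the still-tainted value is rejected before anything runs.
    my $ok = eval { run_without_shell($comment) };
    print "tainted value refused: $@" unless $ok;
}

run_without_shell(untaint_verbatim($comment))
    or die "child exited with status $?\n";
```

Because the untaint step filters nothing, every check on the comment's content is left to the program that receives it, which is the trade-off the message describes.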