[PATCH] enforce maxlenght in usernames

Tito farmatito at tiscali.it
Wed Jul 27 19:56:11 UTC 2011


On Wednesday 27 July 2011 21:39:29 Matthias Andree wrote:
> Am 27.07.2011 21:33, schrieb Tito:
> > Hi,
> > while reading man useradd on my box I stumbles across this line:
> > 
> > Usernames may only be up to 32 characters long.
> > 
> > 
> > So it seems to be a good idea to enforce this also in busybox.
> > I've added the relevant code to the die_if_bad_username libb function.
> > Please apply if you like it.  Hints, critics and improvements are welcome.
> 
> Unfortunate mixing of mechanism (code) and policy.  Doesn't belong there.

Saying that it does not belong there is not enough, please tell me also
where it should be. Looked like a good place to me. In the same 
function we check for illegal chars in usernames. You should also take
into account that busybox does not support conf files for the adduser
applet. Eventually the value could be made a config option (so that it could be
changed) but it looks like bloat to me. Another way could be to add a define
to libbb.h

#define MAX_USERNAME_LENGTH 32

Ciao,
Tito



More information about the busybox mailing list