dealing with usernames containing whitespace

Gerald (Jerry) Carter jerry at
Wed Jan 31 14:36:06 GMT 2007

Hash: SHA1

SATOH Fumiyasu wrote:

> As you know, the variable substitutions on 
> the shell command-line is very horrible because
> variables can contain special (meta) characters
> for shells.

Yup.  Which is why this is a very specific patch
avoiding that problem.  We swap one character for
one space.  And the replacement character must be
ASCII (I need to add a check for that) to avoid having
to expand the string length.

For most people, this patch is irrelevant because
most sane domain installations don't use whitespace
in usernames.

> But the "replace special characters in variables before
> substituting" is bad too because:
>   1) I want to pass the variable as is (without replacing) to
>      a command-line in some cases, e.g. see
>      (and
>   2) There are many "/bin/sh" variants that have common
>      "special characters and syntaxes" and **different** one.
>      That is why you can not define what characters are
>      special.
> I think the best solution to fix this this problem is
> "set environment variables (e.g. $SAMBA_XXXX?) to pass
> values before shell executing". Of course a command,
> executed from smbd via /bin/sh, must take care that
> environment variables can contain special characters. 

I don't see how the environment variables alleviate
the problem.  But perhaps I'm missing something.  Also this
would be an extremely incompatible change if all parameters
were passed via the environment stack rather than as command
line args.

cheers, jerry
Samba                                    -------
Centeris                         -----------
"What man is a man who does not make the world better?"      --Balian
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla -


More information about the samba-technical mailing list