dealing with usernames containing whitespace

Gerald (Jerry) Carter jerry at samba.org
Wed Jan 31 14:36:06 GMT 2007 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

SATOH Fumiyasu wrote:

> As you know, the variable substitutions on 
> the shell command-line is very horrible because
> variables can contain special (meta) characters
> for shells.

Yup.  Which is why this is a very specific patch
avoiding that problem.  We swap one character for
one space.  And the replacement character must be
ASCII (I need to add a check for that) to avoid having
to expand the string length.

For most people, this patch is irrelevant because
most sane domain installations don't use whitespace
in usernames.

> But the "replace special characters in variables before
> substituting" is bad too because:
> 
>   1) I want to pass the variable as is (without replacing) to
>      a command-line in some cases, e.g. see
>      https://bugzilla.samba.org/show_bug.cgi?id=2345
>      (and https://bugzilla.samba.org/show_bug.cgi?id=593).
>   2) There are many "/bin/sh" variants that have common
>      "special characters and syntaxes" and **different** one.
>      That is why you can not define what characters are
>      special.
> 
> I think the best solution to fix this this problem is
> "set environment variables (e.g. $SAMBA_XXXX?) to pass
> values before shell executing". Of course a command,
> executed from smbd via /bin/sh, must take care that
> environment variables can contain special characters. 

I don't see how the environment variables alleviate
the problem.  But perhaps I'm missing something.  Also this
would be an extremely incompatible change if all parameters
were passed via the environment stack rather than as command
line args.





cheers, jerry
=====================================================================
Samba                                    ------- http://www.samba.org
Centeris                         -----------  http://www.centeris.com
"What man is a man who does not make the world better?"      --Balian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFFwKlWIR7qMdg1EfYRAhGCAJ0fkxy53mFcgVC5SCnNaJDmJeVEbgCfSGp6
H7dm7i2B55K5lTk2bW/Pdd4=
=cf5e
-----END PGP SIGNATURE-----

More information about the samba-technical mailing list