<div dir="ltr"><div>The most common issue that would impact UTF-8 is programs that use strchr() and pointer math on strings that originated in the passwd file. <br></div><div><br></div><div>There are also issues about various services that have to implement different rules than the usual unix world about safe/valid characters. Many of these tend to assume that usernames would only contain uppercase, lowercase, underscore, (maybe period), numbers, and weren't coded defensively. Not long ago, they often still assumed the username was no more than eight bytes long.</div><div><br></div><div>Most of the non-legacy code running on linux isn't *too* far from being able to handle UTF-8 usernames. I suspect there would be a surprising amount of breakage, but with only minor patching needed to resolve most cases.</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Tue, Sep 16, 2014 at 7:58 AM, Rob Landley <span dir="ltr"><<a href="mailto:rob@landley.net" target="_blank">rob@landley.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I looked up the actual requirements for posix username sanitizing, and<br>
it's concerns are _filename_ portability, presumably for the /home/$USER<br>
directory:<br>
<br>
<a href="http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap03.html#tag_03_426" target="_blank">http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap03.html#tag_03_426</a><br>
<br>
<a href="http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap03.html#tag_03_276" target="_blank">http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap03.html#tag_03_276</a><br>
<br>
(And objecting to - as the first character, presuably so "ls $USER"<br>
isn't interpreted as an option. Except you need to be root to create a<br>
new user, so I'm a bit confused at concerns over attacking the system<br>
from that direction...? This is also why -- was invented, and scripts<br>
use "printf" instead of "echo", and so on...)<br>
<br>
These filename issues aren't actually a concern on Linux, which allows<br>
any character except "/" and NUL in filenames.<br>
<br>
Note that posix above doesn't allow $ as the last character, which the<br>
is_valid_username() stuff does, presumably because redhat allows it?<br>
<br>
Is there more information on the use cases here? A username can't have<br>
":" in it because it's a colon delimited field, and it can't have "/" if<br>
it's being used as a filename, but other than that why aren't other<br>
characters allowed? Specifically, why can't we have utf8 usernames?<br>
<br>
Rob<br>
_______________________________________________<br>
Toybox mailing list<br>
<a href="mailto:Toybox@lists.landley.net">Toybox@lists.landley.net</a><br>
<a href="http://lists.landley.net/listinfo.cgi/toybox-landley.net" target="_blank">http://lists.landley.net/listinfo.cgi/toybox-landley.net</a><br>
</blockquote></div><br></div>