Bug#77920: passwords entered in base-config are not treated literally

Package: boot-floppies
Version: N/A; reported 2000-11-24
Severity: important

When asked for a passwd on first boot, certain punctuation characters are
mangled.  This bug should be considered RC because following good security
practices (i.e., feeding damned near line noise in for a passwd) is able to
give you a system you can't even log in to - if this were my first
experience with Debian I'd go install something else!

The obvious workaround is to enter an alphanumeric passwd and change it
after login.

The correct solution is to ensure that the string typed by the user is not
screwed with in any way.  This means nothing special should happen to
characters such as $ # \ % & | etc that may be entered.

-- System Information
Debian Release: woody
Architecture: i386
Kernel: Linux trinity 2.2.18pre15 #1 Wed Nov 8 14:37:38 EST 2000 i686

Joseph Carter <knghtbrd@debian.org>               GnuPG key 1024D/DCF9DAB3
Debian GNU/Linux (http://www.debian.org/)         20F6 2261 F185 7A3E 79FC
The QuakeForge Project (http://quakeforge.net/)   44F9 8FF7 D7A3 DCF9 DAB3

"The difference between genius and stupidity is that genius has its
        -- Albert Einstein
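
The report does not say where base-config alters the password, so the following is an added example (not base-config's code) showing two common ways a shell script changes such input, next to the literal handling the report asks for. The function names and the sample password are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the characters named in the report, plus blanks.
SAMPLE='  p$w#1\n%d&e|f  g'

# Fragile: plain `read` eats backslashes and trims blanks, and the
# unquoted $pw is word-split (and glob-expanded) before echo sees it.
roundtrip_fragile() {
    read pw
    echo $pw
}

# Literal: empty IFS keeps leading/trailing blanks, -r keeps backslashes,
# and printf '%s' prints the quoted value without interpreting it.
roundtrip_literal() {
    IFS= read -r pw
    printf '%s\n' "$pw"
}

# Succeeds only if the named handler returns exactly what was typed.
survives() {
    out=$(printf '%s\n' "$2" | "$1")
    [ "$out" = "$2" ]
}

for handler in roundtrip_fragile roundtrip_literal; do
    if survives "$handler" "$SAMPLE"; then
        echo "$handler: password preserved"
    else
        echo "$handler: password MANGLED"
    fi
done
```

A round-trip check like `survives` can be run over a list of punctuation-heavy strings as a regression test for any installer step that accepts a password.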