On Wed, Mar 26, 2025 at 08:54:09PM +0100, Pascal Hambourg wrote:
On 24/03/2025 at 20:29, Cyril Brulebois wrote:

Oh wow, that's indeed badly broken, and will need fixing before the next release. Reproduced locally with a 'û' in my last name:

Mar 24 19:17:59 finish-install: info: Running /usr/lib/finish-install.d/06user-setup
Mar 24 19:17:59 user-setup: Shadow passwords are now on.
Mar 24 20:17:59 chpasswd[8387]: pam_unix(chpasswd:chauthtok): password changed for root
Mar 24 19:17:59 user-setup: invalid characters in Cyril Br\x{fffd}\x{fffd}lebois at /usr/share/perl5/Debian/AdduserCommon.pm line 141.
(...)

No feedback during the installation process, just silent failure to create the user. :(

Looping in adduser people for awareness and maybe tips. A quick look at adduser.git suggests sanitation got added end 2024/beginning 2025…

If adduser exists in the target system then user-setup runs

  adduser --disabled-password --gecos "$fullname" "$user" || true

else it runs

  useradd -c "$fullname" -m "$user" || true

What is the advantage of calling adduser instead of useradd?
Adduser is the Debian way of adding users. useradd has grown additional capabilities in the three decades since adduser was invented, so the difference is not so big any more.
IIUC adduser's new sanitation regex for the 'comment' (ex-gecos) value is defined by:

  commentre => qr/["-_\.+!\$%&()\]\[;0-9a-zA-Z\/ ]*/

It looks like only ASCII characters are allowed. Oddly, adduser allows non-ASCII characters in interactive mode. useradd does not seem to have such restriction for -c.
In interactive mode, it just calls chfn and lets it do the work.

I am open to changing that regexp in adduser. Probably I haven't been giving appropriate thought about that when introducing the code to adduser that allows it to run in perl's taint mode. Adduser's test suite should probably test for weird characters in the comment field as well.
Possible options may include:
- align adduser's comment sanitation regex on useradd
Yes. That would be the way to go. I am open for suggestions. We should probably allow the complete UTF-8 range (short of control characters) here.
Greetings
Marc

--
Marc Haber         | "I don't trust Computers. They | Mail address in header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421
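
The failure discussed in this thread, as an added example (not part of the original messages and not adduser's code): it runs the quoted `commentre` class and a hypothetical replacement that admits any non-control character over constructed inputs. `sanitize_comment`, `$candidate_re`, and the exclusion of `:` (the passwd(5) field separator) are assumptions of this example.

```perl
use strict;
use warnings;
use Encode qw(decode FB_CROAK LEAVE_SRC);

# Character class quoted in the thread (adduser's 'commentre').
# Inside the class, "-_ is a range (0x22..0x5F), not three literal characters.
my $thread_re = qr/["-_\.+!\$%&()\]\[;0-9a-zA-Z\/ ]*/;

# Hypothetical candidate: any character except control characters (\p{Cc})
# and ':' (assumption of this example: ':' separates passwd(5) fields).
my $candidate_re = qr/[^\p{Cc}:]*/;

# Validate-and-untaint pattern: only text captured by a full match is returned.
# In taint mode, a regex capture is what clears the taint flag.
sub sanitize_comment {
    my ($bytes, $re, $decode) = @_;
    my $text = $bytes;
    if ($decode) {
        # Decode strictly so malformed UTF-8 is rejected, not replaced by U+FFFD.
        $text = eval { decode('UTF-8', $bytes, FB_CROAK | LEAVE_SRC) };
        return undef unless defined $text;
    }
    # \A and \z anchor the whole string; '$' would tolerate a trailing newline.
    return $text =~ /\A($re)\z/ ? $1 : undef;
}

# Constructed sample inputs, given as raw bytes from a UTF-8 environment.
my @samples = (
    ['ASCII name',         "Cyril Brulebois"],
    ['UTF-8 u-circumflex', "Cyril Br\xc3\xbblebois"],
    ['embedded newline',   "Line one\nline two"],
    ['embedded colon',     "Ops: night shift"],
    ['malformed UTF-8',    "Br\xfblebois"],
);

for my $s (@samples) {
    my ($label, $bytes) = @$s;
    # Thread regex sees raw bytes; the candidate sees decoded characters.
    my $old = defined(sanitize_comment($bytes, $thread_re, 0))    ? 'ok' : 'reject';
    my $new = defined(sanitize_comment($bytes, $candidate_re, 1)) ? 'ok' : 'reject';
    printf "%-20s thread_re=%-6s candidate=%s\n", $label, $old, $new;
}
```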