Bug#1101196: installation-reports: Trixie Installer fails to create first user when full name contains non-ASCII characters and spaces

To: Pascal Hambourg <pascal@plouf.fr.eu.org>
Cc: 1101196@bugs.debian.org, Cyril Brulebois <kibi@debian.org>, adduser@packages.debian.org
Subject: Bug#1101196: installation-reports: Trixie Installer fails to create first user when full name contains non-ASCII characters and spaces
From: Marc Haber <mh+debian-packages@zugschlus.de>
Date: Tue, 6 May 2025 11:10:06 +0200
Message-id: <[🔎] aBnR7oTU45WWGWj-@torres.zugschlus.de>
Reply-to: Marc Haber <mh+debian-packages@zugschlus.de>, 1101196@bugs.debian.org
In-reply-to: <[🔎] 7c49c2c7-9f1f-4c86-bc56-1027901aa49f@plouf.fr.eu.org>
References: <174283459382.1665.17315616034420603262.reportbug@debian.domain.com> <[🔎] aBXl21xxWQdD6YRl@torres.zugschlus.de> <[🔎] e20b477a-51ba-4294-9f1a-3f79972b9cae@plouf.fr.eu.org> <[🔎] aBcsI6vJjBt7ePsC@torres.zugschlus.de> <174283459382.1665.17315616034420603262.reportbug@debian.domain.com> <[🔎] aBdrRx6gVseeRs5L@torres.zugschlus.de> <[🔎] 1e9b391d-a7fa-4d27-ab80-acdc2e5be40b@plouf.fr.eu.org> <174283459382.1665.17315616034420603262.reportbug@debian.domain.com> <[🔎] aBioaVBDceIff1Zf@torres.zugschlus.de> <[🔎] 7c49c2c7-9f1f-4c86-bc56-1027901aa49f@plouf.fr.eu.org> <174283459382.1665.17315616034420603262.reportbug@debian.domain.com>

On Tue, May 06, 2025 at 12:00:35AM +0200, Pascal Hambourg wrote:

So for the time being, adduser will still fail if the full namecontains some UTF-8 letters and d-i should handle it. Either identifyand reject these letters, or set the full name with chfn or useradd asa workaround.

After sleeping twice on the issue and using Mini Debconf Hamburg todiscuss this with other people, I think I have a fix.

The problem is that UTF-8 handling is unclear when libperl is notinstalled. This might be caused by our handling to not error out whenthe perl Encode module is not present. In that case the Encode functionsare just replaced by no-op dummies which seems to cause the pain theinstaller. Accented Characters handed in from an UTF-8 terminal via--comment arrive in adduser as two bytes, which makes regexp handlingimpossible short of implementing my own UTF-8 encoding code. I am notgoing to move down this way.

Thankfully adduser doesn't do anything with the --comment. Adduser onlyhands it down to the low-level tools from src::shadow. Hence, it doesn'thave to worry about someone attacking adduser. I have removed allearly sanitizing code from the string that comes in via the --commentoption, keeping the variable tainted during the entire run of adduser.This will keep adduser from doing dangerous things with the variable(adduser currently doesn't do anything, and in case someone forgets thatthe string is not sanitized perl will complain).

Only just before handing the string down to the low-level tool, thetaint flag is removed from the string without changing anything. Thecall to the low-level tool is carefully done without a shell. The restis the job of the low-level tool.


You can try the wip-comment1 branch on salsa. I will upload tonight.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber         | "I don't trust Computers. They | Mailadresse im Header
Leimen, Germany    |  lose things."    Winona Ryder | Fon: *49 6224 1600402
Nordisch by Nature |  How to make an American Quilt | Fax: *49 6224 1600421

Reply to:

Follow-Ups:
- Bug#1101196: installation-reports: Trixie Installer fails to create first user when full name contains non-ASCII characters and spaces
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>

References:
- Bug#1101196: installation-reports: Trixie Installer fails to create first user when full name contains non-ASCII characters and spaces
  - From: Marc Haber <mh+debian-packages@zugschlus.de>
- Bug#1101196: installation-reports: Trixie Installer fails to create first user when full name contains non-ASCII characters and spaces
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Bug#1101196: installation-reports: Trixie Installer fails to create first user when full name contains non-ASCII characters and spaces
  - From: Marc Haber <mh+debian-packages@zugschlus.de>
- Bug#1101196: installation-reports: Trixie Installer fails to create first user when full name contains non-ASCII characters and spaces
  - From: Marc Haber <mh+debian-packages@zugschlus.de>
- Bug#1101196: installation-reports: Trixie Installer fails to create first user when full name contains non-ASCII characters and spaces
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>
- Bug#1101196: installation-reports: Trixie Installer fails to create first user when full name contains non-ASCII characters and spaces
  - From: Marc Haber <mh+debian-packages@zugschlus.de>
- Bug#1101196: installation-reports: Trixie Installer fails to create first user when full name contains non-ASCII characters and spaces
  - From: Pascal Hambourg <pascal@plouf.fr.eu.org>

Prev by Date: Re: Uploading linux (6.12.26-1)
Next by Date: debootstrap_1.0.141~bpo12+1_source.changes ACCEPTED into stable-backports
Previous by thread: Bug#1101196: installation-reports: Trixie Installer fails to create first user when full name contains non-ASCII characters and spaces
Next by thread: Bug#1101196: installation-reports: Trixie Installer fails to create first user when full name contains non-ASCII characters and spaces
Index(es):
- Date
- Thread