By my reading of ssh.py and sshd(8), section "AUTHORIZED_KEYS FILE FORMAT", the risks being blocked by this username validation are:
- Double-quote: would close the command= option
- Backslash and comma: potentially risky because the parsing isn't clearly specified
- Whitespace: would prematurely terminate the username argument to gitosis-serve
- Shell special characters: unspecified whether sshd runs the command through a shell so best to assume it does; also the user is passed to hooks through the GITOSIS_USER environment variable
- Non-printable-ASCII characters: uncertain
The last two suggest that the exact set of safe characters is system- and perhaps even locale-dependent. Nonetheless, we can say for certain that what constitutes a valid username, hostname, or email address on any particular system does not enter into it.
I got bit by this, and I'm not the only one, so might I suggest the more permissive yet still conservative regexp:
^[a-zA-Z0-9@_.-]+$
Incidentally, this is closer to what one might have expected from reading the commit message on cbea178.
A risk would be if people have built hooks using GITOSIS_USER that rely on the current validation. Given that it's not documented as any sort of stable thing, I would suggest that such users should either be doing their own validation or else looking closely for any changes that might affect their assumptions before upgrading.
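The check discussed in this issue, as an added example (not gitosis's own code): it applies the proposed character set before a username is placed inside a `command=` option and names which listed risk a rejected name falls under. The template layout, function names and sample key are assumptions made for illustration; `fullmatch()` is used because Python's `$` also matches just before a trailing newline.

```python
import re

# Character set proposed in the issue. fullmatch() anchors both ends strictly,
# so a name such as "alice\n" is rejected (match() with ^...$ would accept it).
SAFE_USER = re.compile(r"[a-zA-Z0-9@_.-]+")

# Illustrative authorized_keys layout (assumption, simplified): options, then key.
TEMPLATE = 'command="gitosis-serve {user}",no-pty {key}'

# Constructed placeholder, not a real public key.
SAMPLE_KEY = "ssh-ed25519 AAAA_CONSTRUCTED_KEY"


def is_safe_username(user):
    """True only if every character is in the proposed allow-list."""
    return SAFE_USER.fullmatch(user) is not None


def classify(user):
    """Map a username to 'ok' or to the risk category from the issue's list."""
    if is_safe_username(user):
        return "ok"
    if user == "":
        return "empty"
    if '"' in user:
        return "double-quote"          # would close the command= option
    if "\\" in user or "," in user:
        return "backslash-or-comma"    # option parsing not clearly specified
    if any(c.isspace() for c in user):
        return "whitespace"            # would split the gitosis-serve argument
    if any(not (32 <= ord(c) < 127) for c in user):
        return "non-printable-ascii"
    return "shell-special"             # anything else outside the allow-list


def authorized_keys_line(user, key):
    """Build the line only for names that pass the allow-list."""
    if not is_safe_username(user):
        raise ValueError("unsafe username (%s): %r" % (classify(user), user))
    return TEMPLATE.format(user=user, key=key)


if __name__ == "__main__":
    # Constructed sample names covering each category.
    for name in ["jdoe@example.com", 'a"b', "a,b", "a b", "alice\n", "a;b", "é"]:
        print("%-22r %s" % (name, classify(name)))
```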