users: Fix checking username in retrieving SSH key (!479) · Merge requests · FreedomBox / FreedomBox

Sunil Mohan Adapa requested to merge SunilMohanAdapa:fix-get-sshkey into master Jun 03, 2016

Created by: SunilMohanAdapa

The current username check is too restrictive and has a mismatch with what we allow people to create in UI. So, it is entirely possible that people create a valid user and then get a problem with it. Fix this by not having to check the validity of username.

When using username containing malicious characters the following method should be safe:

pwd.getpwnam()
shutil.chown()
mkhomedir_helper

users: Fix checking username in retrieving SSH key

Merge request reports