Обсуждение: Re: [BUGS] user authentication crash by Erik Luke (20-08-2001; 1.3kb)

"Thomas Yackel" <yackelt@ohsu.edu> writes:
> I got the error: "Bad abstime external representation ''" when attempted to start psql as a particular user and the
postmastershutdown.
 

> The problem, we discovered, is that this user had a carriage return contained within his password.  Changing the
passwordto remove the CR avoided the system shutdown.
 

Hmm.  I can see how a linefeed in a password would create a problem (it
breaks the line-oriented formatting of the pg_pwd file).  However, I
can't reproduce a postmaster crash here.  Either I'm not testing the
right combination of circumstances, or current sources are more robust
about this than 7.1.  That's not unlikely given that Bruce rewrote the
password-file-parsing code a couple months ago.

In any case it seems like it'd be a good idea to forbid nonprinting
characters in passwords.  Comments anyone?
        regards, tom lane

Tom Lane wrote: >Hmm.  I can see how a linefeed in a password would create a problem (it >breaks the line-oriented
formattingof the pg_pwd file). 
 
... >In any case it seems like it'd be a good idea to forbid nonprinting >characters in passwords.  Comments anyone?

That sounds too restrictive; allowing non-printing characters should
improve password security.  Why not simply exclude linefeed and
carriage return?  (And possibly ctrl-Q and ctrl-S as well, in case there
is still anyone running a terminal with XON/XOFF flow control.)

-- 
Oliver Elphick                                Oliver.Elphick@lfix.co.uk
Isle of Wight                              http://www.lfix.co.uk/oliver
GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839  932A 614D 4C34 3E1D 0C1C
    "But they that wait upon the LORD shall renew their      strength; they shall mount up with wings as eagles;
theyshall run, and not be weary; and they shall walk,     and not faint."            Isaiah 40:31