On 17/03/2025 21:07, Marc Haber wrote:
Control: tags -1 confirmed

On Mon, Mar 17, 2025 at 04:24:18PM +0000, Andrew Sayers wrote:
$ sudo adduser saned scanner
warn: The user `saned' is already a member of `scanner'.
$ sudo journalctl -rn1 SYSLOG_IDENTIFIER=adduser
Mar 17 16:13:42 andrews-2024-laptop adduser[650156]: The user

From a quick look through the source, it appears `log_to_syslog()`
in `/usr/share/perl5/Debian/AdduserLogging.pm` removes everything
starting at the first backtick.

Thanks for spotting this (and for actually taking a look at adduser's new logging features).

I think this unwanted behavior might be caused by trying to sanitize the data here before passing it to logger(1).

Can you try tweaking the regexp in AdduserLogging.pm Line 149 for a quick diagnosis?

Greetings
Marc

Yeah, that looks like it.  With this patch:

--- /usr/share/perl5/Debian/AdduserLogging.pm.orig      2025-03-17 22:42:00.669185341 +0000 +++ /usr/share/perl5/Debian/AdduserLogging.pm   2025-03-17 22:42:11.881323569 +0000
@@ -146,8 +146,8 @@
     my $utprio = $1;
     $loggerparms =~ /([-\sa-zA-Z0-9]*)/;
     my $utloggerparms = $1;
-    $data =~ /([-\s()\]\[{}?*+#\.:,;!"$%&\/=a-zA-Z0-9]*)/;
-    my $utdata = $1;
+    #$data =~ /([-\s()\]\[{}?*+#\.:,;!"$%&\/=a-zA-Z0-9]*)/;
+    my $utdata = $data;
     my @command= ("logger",
         $logger_id_option,
         "--tag=". progname(),
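Review bot: at `my $utdata = $data;` the message text now reaches logger with no filtering at all, so newlines and other control characters in $data would go into the log unchanged, and the old regexp is left behind as a commented-out line. The capture stops at the first backtick only because ` and ' are missing from the character class; adding them, or replacing the allowlist with a check that rejects only control characters, would fix the truncation while keeping $data handled the same way as the $utprio and $utloggerparms captures just above. Delete the superseded line rather than commenting it out.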

I get:

$ sudo adduser saned scanner
warn: The user `saned' is already a member of `scanner'.
$ sudo journalctl -rn1 SYSLOG_IDENTIFIER=adduser
Mar 17 22:40:29 andrews-2024-laptop adduser[768417]: The user `saned' is already a member of `scanner'.

I understand the value of sanitising $facility and $prio, but the later system() call doesn't escape shell characters, so maybe just pass $data through directly?
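
An added example (not code from adduser or from either poster) that reproduces the truncation discussed in this thread with the character class quoted in the patch, next to a hypothetical filter that replaces only control characters. The function names, the `adduser-demo` tag and the sample strings are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample input: the warning text shown in the thread.
my $msg = "The user `saned' is already a member of `scanner'.";

# Allowlist capture with the character class copied from the patch.
# The pattern has no end anchor and uses *, so it always succeeds on the
# longest allowed prefix and silently discards everything after it.
sub filter_prefix {
    my ($data) = @_;
    $data =~ /([-\s()\]\[{}?*+#\.:,;!"$%&\/=a-zA-Z0-9]*)/;
    return $1;
}

# Hypothetical alternative: keep printable text and replace only control
# characters (including newlines, which could forge extra log lines).
sub filter_control {
    my ($data) = @_;
    (my $clean = $data) =~ s/[\x00-\x1f\x7f]/ /g;
    return $clean;
}

# Build an argument list for logger(1). When such a list is passed to
# system(), Perl runs the program directly without a shell, so backticks
# in the message are not interpreted. The tag value is an assumption.
sub logger_command {
    my ($text) = @_;
    return ("logger", "--tag=adduser-demo", "--", $text);
}

printf "prefix capture : [%s]\n", filter_prefix($msg);
printf "control filter : [%s]\n", filter_control($msg);
printf "forged newline : [%s]\n", filter_control("ok\nMar 17 fake[1]: forged");
printf "argv           : %s\n", join(" | ", logger_command(filter_control($msg)));
```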
