Hi Marc,

> Homograph attacks would be best mitigated in software reading
> /etc/passwd, alerting in their output or logs that the user name they
> just printed was composed of strange alphabets.

Software that reads /etc/passwd or /etc/shadow is quite sensitive, and should therefore be as simple as possible. More code, more bugs. The best mitigation for those attacks is to ban the names altogether. IMO, setuid programs should not accept Unicode.

Have a lovely day!
Alex

-- 
<https://www.alejandro-colomar.es/>