[Bash-completion-devel] Bug#825317: bash-completion: Un-escaped "~*" leads to spurious NSS lookups
Daniel Richard G.
skunk at iSKUNK.ORG
Wed May 25 22:19:12 UTC 2016
Package: bash-completion
Version: 1:2.1-4.3
Severity: minor
Bug #825153 (mysterious "*" passwd queries in LDAP) turned out to be the
result of a minor thinko in bash-completion.
The _quote_readline_by_ref() shell function uses "~*" without the tilde
being escaped (like all other instances of same), resulting in a
getpwnam() lookup for a user named "*". If NSS lookups are going to
files, then this is no big deal. But this is occurring in a setup where
such queries go to LDAP, and as "*" is not valid syntax for a username,
the query is rejected and logged. And there are a _lot_ of log entries
coming from this bug.
Note that the issue is not even in the upstream bash-completion source,
but in a Debian patch:
debian/patches/00-fix_quote_readline_by_ref.patch
More information about the Bash-completion-devel
mailing list