Improper parsing of /etc/passwd when username is suffix of another user
Matir opened this issue · comments
David Tomaschik commented
Steps to reproduce:
- Create a user
testagent
with SSH keys in project/instance metadata. - Wait for agent to create user & provision.
- Create a user
agent
with SSH keys in project/instance metadata. - Observe keys for user
agent
written into/home/testagent/.ssh/authorized_keys
This occurs because the code for getPasswd
only checks that the entry in /etc/passwd
contains the username followed by :
. Of course, it only occurs if the longer username is first in /etc/passwd
and the shorter username is 2nd in the project/instance metadata.
I'll send a PR with a fix shortly.