On Fri, May 30, 2008 at 09:10:29AM +0200, [EMAIL PROTECTED] wrote:
>
> Creating an user-account and changing the UID via vipw to "4294967296"
> (Which is 2^32) results in an overflow and the user gets the UID=0,
> an UID of "4294967297" leads to an UID=1 and so on.
>
> $ grep test /etc/passwd
> test:x:4294967296:5000:,,,:/home/test:/bin/bash
>
> $ su - test
> Password:
> [EMAIL PROTECTED]:~# id
> uid=0(root) gid=5000(test) groups=5000(test)
The bad news is that I can't reproduce this on i386. Thus I will have to
ask you questions.
If you create a file when logged in as user test (with su), does the file
belongs to root or to test?
In fact, I wonder if it is not a bug in id, which cast all the UIDs and
GIDs to (unsigned long int).
Also, are you able to compile some source on that box.
I would be interested by having the output of:
#include <sys/types.h>
#include <pwd.h>
#include <stdio.h>
void main (void)
{
struct passwd *pwd = getpwnam ("test");
printf ("test's UID: %llu\n", pwd->pw_uid);
}
It does not need to be run or compiled as user test, but the user test
should be present in /etc/passwd.
Last but not least, I do not recommend using these UIDs since it will
trigger bugs (in shadow or other softwares).
UID below 2^32 should be safe on all architectures.
(This is not a reason for not fixing these bugs, but it is a good reason
for administrators not to use these UIDs)
Best Regards,
--
Nekral
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
