[181] in linux-security and linux-alert archive
shadow-3.3.1 useradd bug
daemon@ATHENA.MIT.EDU (Marek Michalkiewicz)
Wed Mar 22 16:36:45 1995
To: jfh@rpp386.cactus.org
Date: Wed, 22 Mar 1995 20:33:56 +0100 (MEZ)
From: Marek Michalkiewicz <ind43@ci3ux.ci.pwr.wroc.pl>
Cc: linux-security@tarsier.cv.nrao.edu
The useradd command will (by default, without -u) create a new user
with uid at least 100, and higher by 1 than the highest existing uid.
Suppose you have user "nobody" with uid 65534. Then create two new
users - the first will have uid 65535, the second will overflow,
and the uid will be 0. You know what this means...
This may or may not be fixed in 3.3.2 - I don't know. I was unable
to find 3.3.2 (with the new, less restrictive copyright) on Linux ftp
sites and there were too much users on ftp.uu.net at the moment.
Regards,
--
Marek Michalkiewicz
marekm@i17linuxa.ists.pwr.wroc.pl || ind43@ci3ux.ci.pwr.wroc.pl
