[206] in linux-security and linux-alert archive
useradd bug
daemon@ATHENA.MIT.EDU (Marek Michalkiewicz)
Thu Apr 13 18:50:54 1995
From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
To: linux-security@tarsier.cv.nrao.edu
Date: Thu, 13 Apr 1995 16:31:25 +0200 (MET DST)
Some time ago I posted a message about a bug in the useradd command
from the Shadow Password Suite. (The bug: useradd without "-u uid"
may create a new user with uid 0 because of overflow if there are
users in /etc/passwd with high uid values like "nobody"==65534.)
I just want to add this info: even if you are not using shadow passwords,
you are not safe! At least the Slackware distribution (maybe others too)
includes the useradd (and groupadd) programs from the shadow suite, even
though this distribution does not support shadow passwords.
I have sent mail about this bug to the author. Until the bug is fixed,
always use the -u option, use a different program (such as adduser),
or edit /etc/passwd (and /etc/shadow if you have one) by hand.
If you have any questions about this, please mail them directly to me,
to save the moderators some work :-).
Regards,
-- Marek Michalkiewicz <marekm@i17linuxa.ists.pwr.wroc.pl>
