[4001] in bugtraq
Re: Linux rcp bug
daemon@ATHENA.MIT.EDU (Thomas Roessler)
Tue Feb 4 11:38:04 1997
Date: Tue, 4 Feb 1997 10:25:57 GMT
Reply-To: Thomas Roessler <Thomas.Roessler@SOBOLEV.RHEIN.DE>
From: Thomas Roessler <Thomas.Roessler@SOBOLEV.RHEIN.DE>
To: BUGTRAQ@netspace.org
In article <Pine.GSO.3.95q.970203205902.9134A-100000@piglet.cc.utexas.edu>, Miroslav Pikus wrote:
>[nobody@slip-70-8 /]$ id
>uid=65535(nobody) gid=65535
>[nobody@slip-70-8 /]$ rcp oberheim@moe.cc.utexas.edu:brb /tmp/test
>[nobody@slip-70-8 /]$ ls -la /tmp/test
>-rw------- 1 root 65535 0 Jan 29 11:20 /tmp/test
This is an old and well-known problem. 65535 equals -1 mod 2^16 which, in
fact, says it all: Passing -1 as an argument to chown(), chgrp(), set*uid()
and several other system calls will leave the value in question unchanged.
tlr
--
Thomas Roessler http://home.pages.de/~roessler/
