[4446] in bugtraq
Re: Linux UID/GID 'Feature'
daemon@ATHENA.MIT.EDU (Steve \"Stevers!\" Coile)
Sun May 11 16:37:19 1997
Date: Sun, 11 May 1997 09:06:50 -0400
Reply-To: "Steve \"Stevers!\" Coile" <scoile@PATRIOT.NET>
From: "Steve \"Stevers!\" Coile" <scoile@PATRIOT.NET>
X-To: David Phillips <phillips@PCISYS.NET>
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <01BC5D8D.679DD4A0@frank56.pcisys.net>
On Sat, 10 May 1997, David Phillips wrote:
[...]
>While trying to make a user entry in the /etc/passwd file unrecognized
>so I could demonstrate the use of valid UIDs, I placed a # in front of
>the UID. My theory was that this would make it an invalid number and
>cause Linux to give an authentication failure. (This worked as expect
>on SunOS 4.1.4) But then we tried to su to that user and were rewarded by
>being dumped to UID 0. It didn't recognize the UID so it defaulted to 0.
>Cool huh?
Sounds like the system is just using atoi() to get the UID. atoi()
reads to the first non-numeric character (in this case, the hash) and
interprets everything up to it as the number. Since nothing precedes
the non-numeric character in your situation, zero (no value) is returned.
--
Steve Coile P a t r i o t N e t Systems Engineering
scoile@patriot.net Patriot Computer Group (703) 277-7737
