[83] in bugtraq
Re: UIDS < 0?
daemon@ATHENA.MIT.EDU (Pug)
Sun Oct 23 11:36:42 1994
From: Pug <pug@arlut.utexas.edu>
To: holland@engg.ksu.edu (Rich Holland)
Date: Sun, 23 Oct 1994 09:26:04 -0600 (CDT)
Cc: bugtraq@fc.net
In-Reply-To: <199410230350.WAA17619@godiva.ne.ksu.edu> from "Rich Holland" at Oct 22, 94 10:50:26 pm
> At LISA VIII, someone in the Automounter BOF brought up the fact (I
> don't recall why) that under AIX, if your 'nobody' userid was greater
> than 65-thousand-something, it would wrap (due to the limitation of a
> longint uid field and 32-bit userids). This didn't seem like a big deal,
> except that they also said that by having negative userids, there were
> big security holes opened up. Anyone know what these are? I've been
> playing with a nobody with a uid of 70000, and haven't found anything...
As I remember the AIX nfs bug (as well as some other vendors I
believe), if you have a UID that has the lower 32-bit field set to 0,
you had a problem. This means that despite what your account started
at, it equated it as root.
Ciao,
--
Richard Bainter Mundanely | System Analyst - OMG/CSD
Pug Generally | Applied Research Labs - U.Texas
pug@arlut.utexas.edu | pug@bga.com
Note: The views may not reflect my employers, or even my own for that matter.
