Bug in subroutine putpwent(Ultrix 3.0)

[George Robbins]

In article <1418 at rivm05.UUCP> ccea3 at rivm.UUCP (Adri Verhoef) writes:
> putpwent() doesn't work the way it should.
> Negative user-IDs and group-IDs show up as long integers
> with the following piece of code:
> 
> 	while (pwent = getpwent()) {
> 		fprintf(stderr, "%d\n", (int) pwent->pw_uid);
> 		putpwent(pwent, stdout);
> 	}
> 
> In this way,
> 	nobody:Nologin:-2:-2:anonymous NFS user:/:
> 
> willl show up as:
> 	-2
> 	nobody:Nologin:4294967294:4294967294:anonymous NFS user:/:
> 
> 
> Should I:
> 1) Remove all users with negative IDs (i.e. "nobody") from the password file?
> 2) Have the negative IDs changed into positive values?
> 3) Obtain a good and new version of putpwent()?
> 4) Patch the library (change %d:%d:%u:%u:%s:%s:%s into %s:%s:%d:%d:%s:%s:%s)?
> 5) [You name it]

Arghh!  Whatever you do, do it carefully, as there were alledgedly *Sun*
security bugs associated with not having an account in /etc/passwd that
the "nobody" accounts mapped to.  It's always possible that some analog
of these problems might show up in Ultrix.

The "official" version seems to be drifting towards the notion that uid's
and gid's are really supposed to be unsigned short's, however that's unlikely
work directly on systems using the sun derived kludge.

> This version seems to be:
> putpwent.c	4.1	(ULTRIX)	11/23/87

Note that none of the system software actually uses putpwent, it's apparently
the creation of some Sun completist.  The format string used in /bin/passwd
and the Sun version of putpwent is the predictable:

%s:%s:%d:%d:%s:%s:%s\n

What to do?  Maybe file an SPR and then go ahead and use a printf() instead
of a do-nothing routine...  The %u is definitely wrong in the current
environment, and useless or worse.

-- 
George Robbins - now working for,	uucp: {uunet|pyramid|rutgers}!cbmvax!grr
but no way officially representing	arpa: cbmvax!grr at uunet.uu.net
Commodore, Engineering Department	fone: 215-431-9255 (only by moonlite)