The Internet Virus--Another issue
Rob McMahon
cudcv at warwick.ac.uk
Sun Dec 18 04:09:03 AEST 1988
In article <66 at titania.warwick.ac.uk> I wrote:
>>If you've got an inetd.conf that takes a user to run the daemon as, I would
>>also be careful about using users with -ve uids, someone said this can cause
>>the daemon to get run as root when e.g. setuid(-2) fails (setuid expecting a
>>0 <= number < 2^16).
In article <716 at auspex.UUCP> guy at auspex.UUCP (Guy Harris) replies:
>It seems to work under SunOS 4.0; the "pw_uid" field for the user is cast to
>"uid_t", which is "unsigned short", the net result being that it passes 65534
>rather than -2 to "setuid".
Humble apologies. I really should have checked this out, because it seems to
be safe in 4.3 too. Make sure you have unusable passwords on your -ve uid
accounts though, because the pw_uid in a struct passwd is an int, and at least
under 4.3 login neither casts it to uid_t nor checks the return from setuid.
I believe this was fixed in SunOS 4.0.1.
Rob
--
UUCP: ...!mcvax!ukc!warwick!cudcv PHONE: +44 203 523037
JANET: cudcv at uk.ac.warwick ARPA: cudcv at warwick.ac.uk
Rob McMahon, Computing Services, Warwick University, Coventry CV4 7AL, England
More information about the Comp.unix.wizards
mailing list