Bugtraq mailing list archives

NFS UID bug.

From: casper () fwi uva nl (Casper Dik)
Date: Wed, 31 Aug 1994 11:28:29 +0200


There seems to be some confusion about the NFS UID bug.

Here are some facts about this bug that are worth knowing:

        - Solaris 2.x (any system with 32 bit uids) is not susceptible
        - The NFS jumbo patch for SunOS 4.1.x *does* fix the UID bug

        - nfsbug will report *false* positives on the UID bug on filesystems
          that:
                - are exported with root access on 16 bit machines
                  (side effect of truncating uids to least significant 16 bits)
                  Keep your uids < 60000
            or
                - have a world writable root directory.

Casper

Current thread:

SunOS newsyslog bug Jean Chouanard (Aug 26)
- Re: SunOS newsyslog bug jsz (Aug 26)
- Re: SunOS newsyslog bug System Administrator (Aug 29)
- Tripwire V1.2 Release (Finally!) Gene Spafford (Aug 30)
- NFS UID bug. Casper Dik (Aug 31)
- DEC OSF/1 Enhanced Security passwd problem Tim DiLauro (Aug 31)
- <Possible follow-ups>
- Re: SunOS newsyslog bug Kenneth Kron - (Aug 26)