Bugtraq mailing list archives

Re: UIDS < 0?


From: pug () arlut utexas edu (Pug)
Date: Sun, 23 Oct 1994 09:26:04 -0600 (CDT)


At LISA VIII, someone in the Automounter BOF brought up the fact (I
don't recall why) that under AIX, if your 'nobody' userid was greater
than 65-thousand-something, it would wrap (due to the limitation of a
longint uid field and 32-bit userids).  This didn't seem like a big deal,
except that they also said that by having negative userids, there were
big security holes opened up.  Anyone know what these are?  I've been
playing with a nobody with a uid of 70000, and haven't found anything...

As I remember the AIX NFS bug (as well as some other vendors I
believe), if you have a UID that has the lower 32-bit field set to 0,
you had a problem. This means that despite what your account started
at, it equated it as root.

Ciao,

-- 
Richard Bainter          Mundanely     |    System Analyst        - OMG/CSD
Pug                      Generally     |    Applied Research Labs - U.Texas
          pug () arlut utexas edu         |    pug () bga com
Note: The views may not reflect my employers, or even my own for that matter.
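
Added example, not part of the original post or of any vendor's code: a small audit that flags passwd-style entries whose UID changes value, or collapses to 0, when stored in a narrower field. It assumes the narrow field is 16 bits wide (consistent with the wrap at "65-thousand-something" mentioned above); the names classify_uid and audit_passwd_line are hypothetical and the sample entries are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Assumption: the narrow UID field is 16 bits wide, matching the wrap at
   "65-thousand-something" described in the thread. */
typedef uint16_t narrow_uid_t;
enum uid_risk { UID_OK = 0, UID_ALIASES_OTHER = 1, UID_ALIASES_ROOT = 2 };

/* Classify a UID by what a 16-bit field would hold after truncation. */
enum uid_risk classify_uid(long uid, narrow_uid_t *stored)
{
    *stored = (narrow_uid_t)uid;          /* keeps only the low 16 bits */
    if ((long)*stored == uid)
        return UID_OK;                    /* value survives unchanged */
    return *stored == 0 ? UID_ALIASES_ROOT : UID_ALIASES_OTHER;
}

/* Parse one passwd-style line "name:pw:uid:gid:..." and classify its UID.
   Returns -1 if the line has no parseable UID field. */
int audit_passwd_line(const char *line, narrow_uid_t *stored)
{
    const char *p = strchr(line, ':');
    if (!p || !(p = strchr(p + 1, ':')))
        return -1;
    char *end;
    long uid = strtol(p + 1, &end, 10);
    if (end == p + 1 || *end != ':')
        return -1;
    return classify_uid(uid, stored);
}

int main(void)
{
    /* Constructed sample entries, not taken from any real system. */
    const char *sample[] = {
        "root:x:0:0::/:/bin/sh",
        "nobody:x:70000:70000::/:/bin/false",
        "bob:x:65536:100::/home/bob:/bin/sh",
        "nobody2:x:-2:-2::/:/bin/false",
    };
    static const char *label[] = { "ok", "aliases another uid", "ALIASES ROOT" };
    for (size_t i = 0; i < sizeof sample / sizeof *sample; i++) {
        narrow_uid_t s = 0;
        int r = audit_passwd_line(sample[i], &s);
        printf("%-40s -> %5u  %s\n", sample[i], (unsigned)s, r < 0 ? "unparseable" : label[r]);
    }
    return 0;
}
```

Any entry reported as aliasing root or another UID should be renumbered into the range the narrowest consumer of the UID can represent.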


