Bugtraq mailing list archives
possible security bug if uid of nobody is 65535 or -1
From: iang () cs berkeley edu (Ian Goldberg)
Date: Tue, 27 Aug 1996 21:11:31 -0700
I've seen the user "nobody" on some systems have a uid of -1 or 65535. (Slackware Linux is such an example.) On most such systems, this will have interesting interactions with syscalls like setreuid() and chown(), for which an argument of -1 means "no change".

A program that is setuid root, but uses setreuid() to swap its real and effective uids will thus remain root if run by the "nobody" user.

Also note that it is easy to run programs as nobody on systems on which CGI scripts are available (the default is to run them as nobody).

- Ian
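A defensive check for the condition described in the message above, as an added example that is not part of the original post: it audits passwd-format lines for a uid equal to the "no change" value and wraps setreuid() so the swap is refused for such a uid and verified afterwards. The helper names (`uid_is_sentinel`, `passwd_line_is_risky`, `checked_setreuid`) are hypothetical and the sample entries are constructed.

```c
#define _XOPEN_SOURCE 700   /* declares setreuid() */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* 1 if uid collides with the "no change" argument of setreuid()/chown():
 * (uid_t)-1 on this platform, or 65535, which is -1 where uid_t is 16 bits. */
int uid_is_sentinel(unsigned long uid) {
    return uid == (unsigned long)(uid_t)-1 || uid == 65535UL;
}

/* Audit one passwd(5) line: 1 = risky uid, 0 = fine, -1 = malformed. */
int passwd_line_is_risky(const char *line) {
    const char *p = strchr(line, ':');               /* end of login name */
    if (!p || !(p = strchr(p + 1, ':'))) return -1;  /* end of password field */
    char *end;
    errno = 0;
    long long v = strtoll(p + 1, &end, 10);
    if (end == p + 1 || *end != ':' || errno) return -1;
    return v == -1 || (v >= 0 && uid_is_sentinel((unsigned long)v));
}

/* setreuid() wrapper (hypothetical helper): refuses sentinel arguments and
 * confirms afterwards that both ids really changed to what was requested. */
int checked_setreuid(uid_t ruid, uid_t euid) {
    if (uid_is_sentinel(ruid) || uid_is_sentinel(euid)) { errno = EINVAL; return -1; }
    if (setreuid(ruid, euid) != 0) return -1;
    if (getuid() != ruid || geteuid() != euid) { errno = EPERM; return -1; }
    return 0;
}

int main(void) {
    /* Constructed sample entries, not taken from any real system. */
    const char *sample[] = {
        "root:x:0:0:root:/root:/bin/sh",
        "nobody:x:65535:100:nobody:/:",
        "nobody2:x:-1:100:nobody:/:",
        "daemon:x:2:2:daemon:/sbin:",
    };
    for (size_t i = 0; i < sizeof sample / sizeof *sample; i++)
        if (passwd_line_is_risky(sample[i]) == 1)
            printf("risky uid: %s\n", sample[i]);
    /* The real/effective swap from the post, done through the checked wrapper. */
    if (checked_setreuid(geteuid(), getuid()) != 0)
        perror("checked_setreuid");
    return 0;
}
```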