Bugtraq mailing list archives
Re: Linux UID/GID 'Feature'
From: scoile () PATRIOT NET (Steve \)
Date: Sun, 11 May 1997 09:06:50 -0400
On Sat, 10 May 1997, David Phillips wrote: [...]
While trying to make a user entry in the /etc/passwd file unrecognized so I could demonstrate the use of valid UIDs, I placed a # in front of the UID. My theory was that this would make it an invalid number and cause Linux to give an authentication failure. (This worked as expect on SunOS 4.1.4) But then we tried to su to that user and were rewarded by being dumped to UID 0. It didn't recognize the UID so it defaulted to 0. Cool huh?
Sounds like the system is just using atoi() to get the UID. atoi() reads to the first non-numeric character (in this case, the hash) and interprets everything up to it as the number. Since nothing precedes the non-numeric character in your situation, zero (no value) is returned. -- Steve Coile P a t r i o t N e t Systems Engineering scoile () patriot net Patriot Computer Group (703) 277-7737
Current thread:
- Linux UID/GID 'Feature' David Phillips (May 10)
- Re: Linux UID/GID 'Feature' Steve \ (May 11)
- Re: Linux UID/GID 'Feature' Ariel Biener (May 11)
- Yet another WinNuke page. Nobody (May 11)
- Re: Linux UID/GID 'Feature' Jim Trocki (May 11)
- Re: Linux UID/GID 'Feature' Jon Lewis (May 11)
- more DoS fun Ghent (May 11)
- Re: Linux UID/GID 'Feature' Andrew G. Morgan (May 11)
- sendmail 8.8.6 Beta release available Jason R Mastaler (May 11)
- New Win95 OOB fix allows Netbios to be used Aaron Weintraub (May 12)
- UPDATE TO OOB FIX Aaron Weintraub (May 12)
- Re: New Win95 OOB fix allows Netbios to be used Ian MacPhedran (May 13)
(Thread continues...)