Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux UID/GID 'Feature'

From: scoile () PATRIOT NET (Steve \)
Date: Sun, 11 May 1997 09:06:50 -0400

On Sat, 10 May 1997, David Phillips wrote:
[...]

While trying to make a user entry in the /etc/passwd file unrecognized
so I could demonstrate the use of valid UIDs, I placed a # in front of
the UID.  My theory was that this would make it an invalid number and
cause Linux to give an authentication failure.  (This worked as expect
on SunOS 4.1.4) But then we tried to su to that user and were rewarded by
being dumped to UID 0.  It didn't recognize the UID so it defaulted to 0.
Cool huh?


Sounds like the system is just using atoi() to get the UID.  atoi()
reads to the first non-numeric character (in this case, the hash) and
interprets everything up to it as the number.  Since nothing precedes
the non-numeric character in your situation, zero (no value) is returned.

--
    Steve Coile           P a t r i o t  N e t      Systems Engineering
 scoile () patriot net      Patriot Computer Group        (703) 277-7737
Previous By Date Next
Previous By Thread Next

Current thread: