Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Linux UID/GID 'Feature'

From: jlewis () INORGANIC5 FDT NET (Jon Lewis)
Date: Sun, 11 May 1997 13:39:21 -0400

On Sat, 10 May 1997, David Phillips wrote:


While trying to make a user entry in the /etc/passwd file unrecognized
so I could demonstrate the use of valid UIDs, I placed a # in front of the UID.
My theory was that this would make it an invalid number and cause Linux
to give an authentication failure.  (This worked as expect on SunOS 4.1.4)
But then we tried to su to that user and were rewarded by being dumped
to UID 0.  It didn't recognize the UID so it defaulted to 0.  Cool huh?

He also noted that it works the same for GID.  We have not taken the time
to research the problem fully but have tested it on Red Hat 4.1 (2.0.27/2.0.30).


This looks like Red Hat PAM breakage.  I verified it works (gives root) on
my Red Hat 4.1 box, but it does not on any of my Slackware based boxes
that are shadow upgraded.


------------------------------------------------------------------
 Jon Lewis <jlewis () fdt net>  |  Unsolicited commercial e-mail will
 Network Administrator       |  be proof-read for $199/hr.
________Finger jlewis () inorganic5 fdt net for PGP public key_______
Previous By Date Next
Previous By Thread Next

Current thread: