Bugtraq mailing list archives
Re: Linux UID/GID 'Feature'
From: jlewis () INORGANIC5 FDT NET (Jon Lewis)
Date: Sun, 11 May 1997 13:39:21 -0400
On Sat, 10 May 1997, David Phillips wrote:
> While trying to make a user entry in the /etc/passwd file unrecognized so I could demonstrate the use of valid UIDs, I placed a # in front of the UID. My theory was that this would make it an invalid number and cause Linux to give an authentication failure. (This worked as expected on SunOS 4.1.4) But then we tried to su to that user and were rewarded by being dumped to UID 0. It didn't recognize the UID so it defaulted to 0. Cool huh? He also noted that it works the same for GID. We have not taken the time to research the problem fully but have tested it on Red Hat 4.1 (2.0.27/2.0.30).
This looks like Red Hat PAM breakage. I verified it works (gives root) on my Red Hat 4.1 box, but it does not on any of my Slackware based boxes that are shadow upgraded.

------------------------------------------------------------------
 Jon Lewis <jlewis () fdt net>  |  Unsolicited commercial e-mail will
 Network Administrator         |  be proof-read for $199/hr.
________Finger jlewis () inorganic5 fdt net for PGP public key_______
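An added example, not part of the original messages: a strict parser for the UID/GID fields of a passwd(5) line, next to an atoi()-style conversion that turns a field such as `#500` into 0. The thread does not identify the code path responsible, so the lenient conversion is an assumption used only to show how a malformed field can end up as 0; all function names and sample entries are hypothetical.

```c
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lenient (assumed, for illustration): atoi() yields 0 when no digits can be
 * parsed, so "#500" is indistinguishable from root's UID. */
static int parse_id_lenient(const char *field) { return atoi(field); }

/* Strict: decimal digits only, no overflow. Returns 0 on success and -1 on a
 * malformed field; *out is left untouched on failure and the caller denies. */
static int parse_id_strict(const char *field, unsigned long *out)
{
    char *end;
    if (field == NULL || !isdigit((unsigned char)field[0]))
        return -1;                       /* rejects "", "#500", "-1", " 5" */
    errno = 0;
    unsigned long v = strtoul(field, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > UINT_MAX)
        return -1;                       /* rejects "500x" and out-of-range */
    *out = v;
    return 0;
}

/* Audit one line (name:passwd:UID:GID:...). Returns 0 if UID and GID are
 * well-formed, 1 if either is malformed, 2 if fewer than four fields. */
static int audit_passwd_line(const char *line)
{
    char buf[512], *fields[4], *p = buf;
    unsigned long id;
    snprintf(buf, sizeof buf, "%s", line);
    buf[strcspn(buf, "\n")] = '\0';
    for (int i = 0; i < 4; i++) {
        if (p == NULL) return 2;
        fields[i] = p;
        p = strchr(p, ':');
        if (p) *p++ = '\0';
    }
    return (parse_id_strict(fields[2], &id) || parse_id_strict(fields[3], &id)) ? 1 : 0;
}

int main(void)
{
    /* Constructed sample entries, not taken from the thread. */
    const char *bad = "demo:x:#501:100:Demo:/home/demo:/bin/sh";
    printf("lenient(\"#501\")=%d audit=%d\n", parse_id_lenient("#501"), audit_passwd_line(bad));
    return 0;
}
```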