From owner-freebsd-security Sun May 11 08:29:16 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id IAA01418 for security-outgoing; Sun, 11 May 1997 08:29:16 -0700 (PDT) Received: from bsd.fs.bauing.th-darmstadt.de (bsd.fs.bauing.th-darmstadt.de [130.83.63.241]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id IAA01411 for ; Sun, 11 May 1997 08:29:09 -0700 (PDT) Received: from campa.panke.de (anonymous215.ppp.cs.tu-berlin.de [130.149.17.215]) by bsd.fs.bauing.th-darmstadt.de (8.8.5/8.8.5) with ESMTP id RAA00467; Sun, 11 May 1997 17:29:05 +0200 (MET DST) Received: (from wosch@localhost) by campa.panke.de (8.8.5/8.6.12) id RAA24014; Sun, 11 May 1997 17:21:41 +0200 (MET DST) To: Gnuchev Fedor Cc: freebsd-security@FreeBSD.ORG Subject: Re: Linux UID/GID 'Feature' References: From: Wolfram Schneider Date: 11 May 1997 17:21:39 +0200 In-Reply-To: Gnuchev Fedor's message of Sun, 11 May 1997 13:50:57 +0400 (MSD) Message-ID: Lines: 15 Sender: owner-security@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk Gnuchev Fedor writes: > > While trying to make a user entry in the /etc/passwd file unrecognized > > so I could demonstrate the use of valid UIDs, I placed a # in front of the UID. > > My theory was that this would make it an invalid number and cause Linux > > to give an authentication failure. (This worked as expect on SunOS 4.1.4) > > But then we tried to su to that user and were rewarded by being dumped > > to UID 0. It didn't recognize the UID so it defaulted to 0. Cool huh? Never put an non-numeric character in UID field! BTW, in FreeBSD-current lines with a leading `#' are comments, and are ignored. See group(5), passwd(5). -- Wolfram Schneider http://www.apfel.de/~wosch/