From owner-freebsd-current  Mon Apr 30 14:50: 4 2001
Delivered-To: freebsd-current@freebsd.org
Received: from mgate10.so-net.ne.jp (mgate10.so-net.ne.jp [210.139.254.157])
	by hub.freebsd.org (Postfix) with ESMTP id A704F37B422
	for <freebsd-current@freebsd.org>; Mon, 30 Apr 2001 14:49:55 -0700 (PDT)
	(envelope-from koya@math.yokohama-cu.ac.jp)
Received: from mail.ya3.so-net.ne.jp (mspool11.so-net.ne.jp [210.139.248.11])
	by mgate10.so-net.ne.jp (8.9.3/3.7W01041612) with ESMTP id GAA14588;
	Tue, 1 May 2001 06:48:42 +0900 (JST)
Received: from localhost (p84ea86.ykhmpc00.ap.so-net.ne.jp [210.132.234.134])
	by mail.ya3.so-net.ne.jp (8.9.3/3.7W01022316) with ESMTP id GAA17337;
	Tue, 1 May 2001 06:48:40 +0900 (JST)
To: sheldonh@uunet.co.za
Cc: Yoshihiro.Koya@math.yokohama-cu.ac.jp,
	freebsd-current@freebsd.org
Subject: Re: A question about max_uid 
In-Reply-To: <12411.988616150@axl.fw.uunet.co.za>
References: <20010427001555G.koya@pluto.math.yokohama-cu.ac.jp>
	<12411.988616150@axl.fw.uunet.co.za>
From: Yoshihiro Koya <Yoshihiro.Koya@math.yokohama-cu.ac.jp>
X-Mailer: Mew version 1.94.1 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-Id: <20010501065656R.koya@math.yokohama-cu.ac.jp>
Date: Tue, 01 May 2001 06:56:56 +0900
X-Dispatcher: imput version 990905(IM130)
Lines: 100
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Hello, 

From: Sheldon Hearn <sheldonh@uunet.co.za>
Subject: Re: A question about max_uid 
Date: Mon, 30 Apr 2001 09:35:50 +0200

> On Fri, 27 Apr 2001 00:15:55 +0900, Yoshihiro Koya wrote:
> 
> > Currently, I have nobody (uid = 65534) account as a default account on 
> > my box.  It might be easy to guess that the maximum is greater than
> > 65533.  My question is why such a restricion still remains.
> 
> >From what I remember from my communication with Bruce Evans, the
> "restrictions" (mostly unenforced" in our tree are there to protect old
> software compiled to use 16-bit UID values.  By allowing unsigned 32-bit
> UID values in the system, you open the door for problems with software
> that uses smaller UID values.

Thanks for your reply.  
The following is extracted from /usr/src/usr.bin/chpass/field.c

> /* ARGSUSED */
> int
> p_uid(p, pw, ep)
> 	char *p;
> 	struct passwd *pw;
> 	ENTRY *ep;
> {
> 	uid_t id;
> 	char *np;
> 
> 	if (!*p) {
> 		warnx("empty uid field");
> 		return (1);
> 	}
> 	if (!isdigit(*p)) {
> 		warnx("illegal uid");
> 		return (1);
> 	}
> 	errno = 0;
> 	id = strtoul(p, &np, 10);
> 	if (*np || (id == ULONG_MAX && errno == ERANGE)) {
> 		warnx("illegal uid");
> 		return (1);
> 	}
> 	pw->pw_uid = id;
> 	return (0);
> }

The system already seems to allow to use 32-bit UID.
Indeed, I can add user with UID = 2147483647 = 0x7fffffff.

# chpass foo
/etc/pw.6mhYUR: 15 lines, 294 characters.
chpass: 2147483647 > recommended max uid value (65535)
chpass: updating the database...
pwd_mkdb: 2147483647 > recommended max uid value (65535)
chpass: done
# cat /etc/passwd | grep foo
foo:*:2147483647:20:some user:/tmp:/bin/csh

BTW, I would like to point out that chpass command or pwd_mkdb command 
made some strange behaviour as follows:

# chpass foo
(I change the user foo's uid to 4294967295 =  0xffffffff here.)
/etc/pw.qVOUaT: 15 lines, 294 characters.
chpass: -1 > recommended max uid value (65535)
chpass: updating the database...
pwd_mkdb: -1 > recommended max uid value (65535)
chpass: done
# cat /etc/passwd | grep foo
foo:*:4294967295:20:some user:/tmp:/bin/csh
# cat /etc/master.passwd | grep foo
foo:*:-1:20::0:0:some user:/tmp:/bin/csh

It might be better to fix if possible.
The user with minus UID has potential problems, and
commands allow such minus uid are obviously wrong.

Added to this, the above pwd_mkdb commands tells me that 
the recommended max uid value is 65535, which is 
a 16-bit UID, and this value 65535 differs from the restricted value
of pw command.
It might be better to unify such a recommended UID value on the
system.

Finally, I would like to mention my system on which I made 
the above tests.  The system is 

FreeBSD vaio.my.domain 5.0-20010112-SNAP FreeBSD 5.0-20010112-SNAP #4: Mon Feb 26 15:32:20 JST 2001     root@vaio.my.domain:/usr/src/sys/compile/vaio  i386

That system is somewhat old. But I guess that the current 
source codes of pw, chpass and pwd_mkdb aren't so far from
those on my system, maybe.  I cannot check the latest sources now
because I'm on travel.

Thanks for your reading.

koya

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message