Date: 11 May 1997 18:20:06 +0200 From: Wolfram Schneider <wosch@apfel.de> To: Wolfram Schneider <wosch@apfel.de> Cc: Gnuchev Fedor <qwe@ht.eimb.rssi.ru>, freebsd-security@FreeBSD.ORG Subject: Re: Linux UID/GID 'Feature' Message-ID: <p1ibu6i2d6x.fsf@campa.panke.de> In-Reply-To: Wolfram Schneider's message of 11 May 1997 17:21:39 %2B0200 References: <Pine.BSF.3.95q.970511134602.168C-100000@ht.eimb.rssi.ru> <p1iwwp65918.fsf@campa.panke.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Wolfram Schneider <wosch@apfel.de> writes:
> Gnuchev Fedor <qwe@ht.eimb.rssi.ru> writes:
> > > While trying to make a user entry in the /etc/passwd file unrecognized
> > > so I could demonstrate the use of valid UIDs, I placed a # in front of the UID.
> > > My theory was that this would make it an invalid number and cause Linux
> > > to give an authentication failure. (This worked as expect on SunOS 4.1.4)
> > > But then we tried to su to that user and were rewarded by being dumped
> > > to UID 0. It didn't recognize the UID so it defaulted to 0. Cool huh?
>
> Never put an non-numeric character in UID field!
Ok, here is a patch for pwd_mkdb:
Index: pw_scan.c
===================================================================
RCS file: /usr/cvs/src/usr.sbin/pwd_mkdb/pw_scan.c,v
retrieving revision 1.5
diff -u -r1.5 pw_scan.c
--- pw_scan.c 1996/06/20 19:19:29 1.5
+++ pw_scan.c 1997/05/11 16:00:33
@@ -42,6 +42,7 @@
#include <sys/param.h>
+#include <ctype.h>
#include <err.h>
#include <fcntl.h>
#include <pwd.h>
@@ -77,6 +78,10 @@
goto fmt;
if(p[0]) pw->pw_fields |= _PWF_UID;
id = atol(p);
+ for(; *p != '\0'; p++)
+ if (!isdigit(*p))
+ goto fmt;
+
if (root && id) {
warnx("root uid should be 0");
return (0);
@@ -91,6 +96,10 @@
goto fmt;
if(p[0]) pw->pw_fields |= _PWF_GID;
id = atol(p);
+ for(; *p != '\0'; p++)
+ if (!isdigit(*p))
+ goto fmt;
+
if (id > USHRT_MAX) {
warnx("%s > max gid value (%d)", p, USHRT_MAX);
/* return (0); This should not be fatal! */
--
Wolfram Schneider <wosch@apfel.de> http://www.apfel.de/~wosch/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p1ibu6i2d6x.fsf>