Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1994_4

Bugtraq archives for 4th quarter (Oct-Dec) 1994: UIDS < 0?

UIDS < 0?

Rich Holland (hollandengg.ksu.edu)
Sat, 22 Oct 1994 22:50:26 -0500 (CDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Douglas R. Floyd: "Another request for passwords"
Previous message: der Mouse: "Re: access(2)--a security hole?"
Next in thread: Pug: "Re: UIDS < 0?"

At LISA VIII, someone in the Automounter BOF brought up the fact (I
don't recall why) that under AIX, if your 'nobody' userid was greater
than 65-thousand-something, it would wrap (due to the limitation of a
longint uid field and 32-bit userids).  This didn't seem like a big deal,
except that they also said that by having negative userids, there were
big security holes opened up.  Anyone know what these are?  I've been
playing with a nobody with a uid of 70000, and haven't found anything...
-- 
Rich Holland                           UNIX System Administrator
hollandengg.ksu.edu                   College of Engineering
http://www.engg.ksu.edu/~holland/      Kansas State University
char*p="char*p=%c%s%c;main(){printf(p,34,p,34);}";main(){printf(p,34,p,34);}

Next message: Douglas R. Floyd: "Another request for passwords"
Previous message: der Mouse: "Re: access(2)--a security hole?"
Next in thread: Pug: "Re: UIDS < 0?"