[Pkg-shadow-devel] Bug#483645: Bug#483645: Bug with UID=4294967296 on Alpha-Arch. (lenny/sid)

[Nicolas François]

On Fri, May 30, 2008 at 09:10:29AM +0200, oliver.morais at akhwien.at wrote:
> 
> Creating an user-account and changing the UID via vipw to "4294967296"
> (Which is 2^32) results in an overflow and the user gets the UID=0,
> an UID of "4294967297" leads to an UID=1 and so on.
> 
> $ grep test /etc/passwd
> test:x:4294967296:5000:,,,:/home/test:/bin/bash
> 
> $ su - test
> Password:
> root at testbox:~# id
> uid=0(root) gid=5000(test) groups=5000(test)

The bad news is that I can't reproduce this on i386. Thus I will have to
ask you questions.

If you create a file when logged in as user test (with su), does the file
belongs to root or to test?

In fact, I wonder if it is not a bug in id, which cast all the UIDs and
GIDs to (unsigned long int).

Also, are you able to compile some source on that box.

I would be interested by having the output of:

#include <sys/types.h>
#include <pwd.h>
#include <stdio.h>

void main (void)
{
	struct passwd *pwd = getpwnam ("test");
	printf ("test's UID: %llu\n", pwd->pw_uid);
}

It does not need to be run or compiled as user test, but the user test
should be present in /etc/passwd.


Last but not least, I do not recommend using these UIDs since it will
trigger bugs (in shadow or other softwares).
UID below 2^32 should be safe on all architectures.

(This is not a reason for not fixing these bugs, but it is a good reason
for administrators not to use these UIDs)

Best Regards,
-- 
Nekral