[Pkg-shadow-devel] Reallocating UIDs of deleted accounts

Iker Pedrosa ipedrosa at redhat.com
Tue May 26 11:31:43 BST 2020


Dear developers:

I'm facing a feature request that asks for a change in the ID allocation
algorithm. Nowadays, the algorithm checks the minimum existing UID and adds
1 to it to allocate the UID for the new user. Only if that number is
outside of the SYS_UID_* range does it try to use other values in "holes". Maybe
the same can happen to groups, but I haven't checked it.

The change request is asking to use the highest free UID in the SYS_UID_*
range instead. The problem is that using the holes could assign the UID of
a previously existing account to the new account, which may lead to a
security issue.

I'd like to know your opinion on this matter.

Link to the new feature request:
https://bugzilla.redhat.com/show_bug.cgi?id=958842

-- 

Iker Pedrosa

Software Engineer, Identity Management team

Red Hat <https://www.redhat.com>
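
Added example, not part of the original message and not code from shadow: a check that separates free UIDs in the system range into those with no leftovers and those still referenced as a file owner, which is the case where filling a "hole" would hand a deleted account's files to the new account. The range values, passwd content and file list are constructed for illustration; the function names are hypothetical.

```python
"""Added example: flag free system UIDs that files on disk still reference."""
import os

# Assumed sample range; the real values come from SYS_UID_MIN / SYS_UID_MAX
# in /etc/login.defs on the host being checked.
SYS_UID_MIN, SYS_UID_MAX = 201, 999

# Constructed passwd content: UID 997 is a hole left by a deleted account.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
svc-a:x:999:999::/var/lib/svc-a:/sbin/nologin
svc-b:x:998:998::/var/lib/svc-b:/sbin/nologin
svc-c:x:996:996::/var/lib/svc-c:/sbin/nologin
alice:x:1000:1000::/home/alice:/bin/bash
"""

# Constructed (path, owner uid) pairs, in the shape scan_tree() yields.
SAMPLE_OWNERS = [
    ("/var/lib/svc-a/state.db", 999),
    ("/var/lib/old-daemon/secret.key", 997),
    ("/etc/old-daemon.conf", 997),
    ("/home/alice/notes.txt", 1000),
]

def passwd_uids(text):
    """Return the set of UIDs that have an entry in passwd-format text."""
    uids = set()
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 3 and fields[2].isdigit():
            uids.add(int(fields[2]))
    return uids

def scan_tree(root):
    """Yield (path, uid) for every entry under root, without following links."""
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                yield path, os.lstat(path).st_uid
            except OSError:
                continue  # entry vanished or is unreadable

def classify_holes(used, owners, lo=SYS_UID_MIN, hi=SYS_UID_MAX):
    """Split free UIDs in [lo, hi] into clean ones and ones with leftovers."""
    leftovers = {}
    for path, uid in owners:
        if lo <= uid <= hi and uid not in used:
            leftovers.setdefault(uid, []).append(path)
    clean = [u for u in range(hi, lo - 1, -1) if u not in used and u not in leftovers]
    return clean, leftovers
```

On a real host, pass the contents of /etc/passwd to passwd_uids() and scan_tree("/") as the owners argument; any UID that appears in the leftovers mapping should be cleaned up or excluded before it is handed out again.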