Re: High UID support for Linux

Mitchell Blank Jr (mitch@execpc.com)
Sun, 22 Nov 1998 12:54:34 -0600


Albert D. Cahalan wrote:
> Besides truncation (aliasing), we get sign extension.
> After some 16-bit abuse, 0x0001ffff can become 0xffffffff
> (UID -1 is special) and 0x12340000 can become 0.

That's why the safest thing is to just go 32-bit in the kernel completely
and DON'T try to second guess what userland really meant.

> What about when an old server with 16-bit UIDs checks for root?
> This isn't just a kernel problem. I could imagine sudo giving out
> access to users 0x00001234, 0x10001234, and 0x0a001234.

If a high UID process calls sys_oldgetuid(), SIGKILL it. Harsh, but safe.

-Mitch
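
The two failure modes quoted above (truncation aliasing and sign extension), next to a narrowing that refuses instead of guessing, as an added example that is not part of the original message or of any kernel source. All function names are hypothetical, and treating 0xFFFF as unrepresentable is a choice made for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Truncation: what a 16-bit uid field keeps of a 32-bit UID. */
static uint16_t narrow_unsigned(uint32_t uid)
{
    return (uint16_t)(uid & 0xFFFFu);
}

/* Truncate, treat the result as a signed 16-bit value, widen back to 32
 * bits: bit 15 is copied into the whole upper half (sign extension). */
static uint32_t roundtrip_signed16(uint32_t uid)
{
    int32_t lo = (int32_t)(uid & 0xFFFFu);
    if (lo & 0x8000)
        lo -= 0x10000;
    return (uint32_t)lo;
}

/* Checked narrowing: returns the 16-bit id, or -1 when the UID cannot be
 * reported through a 16-bit interface. 0xFFFF is refused as well because
 * it is the 16-bit encoding of -1 (a choice made for this example). */
static int32_t narrow_checked(uint32_t uid)
{
    if (uid >= 0xFFFFu)
        return -1;
    return (int32_t)uid;
}

int main(void)
{
    /* Constructed inputs: the values quoted in the thread. */
    const uint32_t uids[] = { 0x0001ffffu, 0x12340000u, 0x00001234u,
                              0x10001234u, 0x0a001234u };
    for (size_t i = 0; i < sizeof uids / sizeof uids[0]; i++)
        printf("0x%08x  trunc=0x%04x  signed16=0x%08x  checked=%d\n",
               (unsigned)uids[i], (unsigned)narrow_unsigned(uids[i]),
               (unsigned)roundtrip_signed16(uids[i]),
               (int)narrow_checked(uids[i]));
    return 0;
}
```

The caller of the checked function decides what a refusal means; the message above proposes killing the process.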
