Re: passwd entry for uid -1

To: Robert Bihlmeyer <robbe@orcus.priv.at>
Cc: debian-hurd@lists.debian.org
Subject: Re: passwd entry for uid -1
From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
Date: Tue, 5 Jun 2001 17:32:51 +0200
Message-id: <[🔎] 20010605173251.A5365@212.23.136.22>
In-reply-to: <[🔎] 87y9r7knna.fsf@orcus.priv.at>
References: <[🔎] 20010602214206.BF65699306@perdition.linnaean.org> <[🔎] 20010603205104.D4223@212.23.136.22> <[🔎] 87wv6s5pj4.fsf@orcus.priv.at> <[🔎] 20010604215026.D1366@212.23.136.22> <[🔎] 87y9r7knna.fsf@orcus.priv.at>

On Tue, Jun 05, 2001 at 04:27:21PM +0200, Robert Bihlmeyer wrote:
> > Nobody is just another user, though usually with special semantics.
> 
> Hmm, all the security punduits continously preach that "nobody" was
> only meant as a no-rights-at-all target to map root to in NFS.
> "nobody" actually owning stuff is a big no-no.

As a matter of fact, as no valid uid maps to the Hurd nouser, this is not
only a big no-no, but an impossibility (without hexediting the filesystem).

> So I count that not as
> just another user. I'd actually wager that "nobody" was in fact an
> attempt to emulate the concept of an empty id set (or empty capability
> set) in Unix semantics.
> 
> If that's correct, unifying them may be good. May be I'm missing
> something, though.

I see.

Will the following scenario work?

glibc is changed, so that "setuid(-1)" means: Drop all (effective?) user ids.
Change the nobody entry in the passwd file so that it lists -1 as uid.

This will make Unix programs which conventionally switch to user nobody very
safe (because they will run without any privileges).

If could make some tests in this direction...

Thanks,
Marcus

-- 
`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd@debian.org
Marcus Brinkmann              GNU    http://www.gnu.org    marcus@gnu.org
Marcus.Brinkmann@ruhr-uni-bochum.de
http://www.marcus-brinkmann.de

Reply to:

Follow-Ups:
- Re: passwd entry for uid -1
  - From: Oystein Viggen <oysteivi@tihlde.org>

References:
- Re: passwd entry for uid -1
  - From: Roland McGrath <roland@frob.com>
- Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: passwd entry for uid -1
  - From: Robert Bihlmeyer <robbe@orcus.priv.at>
- Re: passwd entry for uid -1
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: passwd entry for uid -1
  - From: Robert Bihlmeyer <robbe@orcus.priv.at>

Prev by Date: Re: unowned processes and who controls them (was: Re: passwd entry for uid -1
Next by Date: Re: Partition size and glibc build
Previous by thread: Re: passwd entry for uid -1
Next by thread: Re: passwd entry for uid -1
Index(es):
- Date
- Thread