Bug#42912: glibc changes break gdm (maybe others?)

To: submit@bugs.debian.org
Subject: Bug#42912: glibc changes break gdm (maybe others?)
From: Ryan Murray <rmurray@cyberhqz.com>
Date: Thu, 12 Aug 1999 19:46:21 -0700
Message-id: <[🔎] 19990812194621.A24388@cyberhqz.com>
Reply-to: Ryan Murray <rmurray@cyberhqz.com>, 42912@bugs.debian.org

Package: general

This is in reference to bug ID#42636, but may affect a much larger range
of programs.

Debian GNU/Linux uses uid 65534 for the uid of nobody.

If an improperly written program had a signed 16-bit variable fetch the
UID, this would become -2.

Passing to glibc 2.1 (with the 32-bit UID support), will cause this
value to become much larger than 65534.

If you strace gdm, you will see that at some point, something is trying
to drop priveleges from root down to nobody.  This causes gdm-greeter to
not have access to the xauth files, so it never starts (bug 42636).

However, there are many programs that may try to drop priveleges to user
"nobody", and if they use a signed 16-bit variable (incorrect code, but
that's a *LOT* of potential packages to fix), they will fail with a
similar problem.

One quick fix until all packages can be examined: change user nobody to
uid 32765, which will fit in a signed 16-bit variable.

The long fix, of course, is to recompile everything that might be
affected, ensuring that uid_t is used, and ensuring that uid_t is
unsigned.

It looks like bug 42636 should be sent upstream, but I haven't had a
chance to examine the code.  It may just require a recompile against
newer libc headers.

Reply to:

Prev by Date: Re: deliver - recompilation?
Next by Date: local initialization (/root/setup.sh, /bin/setup.sh)
Previous by thread: Re: application in search of a developer
Next by thread: local initialization (/root/setup.sh, /bin/setup.sh)
Index(es):
- Date
- Thread