Bug#510635: glibc: 32 bits uid/gid overflow
Package: libc6
Version: 2.7-16
Severity: normal
File: glibc
Hi,
I was working on setting up nss-pgsql on my system when I discovered this bug.
It seems that uid/gid use a 32-bit integer, and if a uid/gid is set bigger than (2^32)-1,
there is an overflow.
For example I have done this:
# echo "toto:x:4294967296:4294967296:Fake root:/home/linus:/bin/bash" >> /etc/passwd
The result is:
# id toto
uid=0(root) gid=0(root) groupes=0(root)
This could be a security break...
-- System Information:
Debian Release: 5.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 2.6.26-1-amd64 (SMP w/1 CPU core)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages libc6 depends on:
ii libgcc1 1:4.3.2-1 GCC support library
libc6 recommends no packages.
Versions of packages libc6 suggests:
pn glibc-doc <none> (no description available)
ii locales 2.7-16 GNU C Library: National Language (
-- debconf information:
glibc/upgrade: true
glibc/restart-failed:
glibc/restart-services:
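
The wrap shown in the report, next to a range check that rejects such an entry, as an added example (not glibc code and not part of the original report). It assumes the ID field is read as a 64-bit integer and then narrowed to a 32-bit uid/gid; all function names are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Added illustration, not glibc code; all function names are hypothetical.
   Copy the n-th (0-based) colon-separated field of a passwd line into out. */
static int passwd_field(const char *line, int n, char *out, size_t outsz) {
    const char *p = line;
    while (n-- > 0) {
        if ((p = strchr(p, ':')) == NULL) return -1;
        p++;
    }
    size_t len = strcspn(p, ":\n");
    if (len == 0 || len >= outsz) return -1;
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

/* Narrowing parse: a 64-bit value cut to 32 bits wraps, as in the report. */
uint32_t parse_id_truncating(const char *s) { return (uint32_t)strtoull(s, NULL, 10); }

/* Strict parse: digits only, must fit in 32 bits. 0 = ok, -1 = rejected. */
int parse_id_strict(const char *s, uint32_t *id) {
    char *end;
    if (*s < '0' || *s > '9') return -1;   /* no sign, no leading space */
    errno = 0;
    unsigned long long v = strtoull(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > UINT32_MAX) return -1;
    *id = (uint32_t)v;
    return 0;
}

/* Audit one passwd line: 0 = uid and gid fit, 1 = malformed or out of range. */
int audit_passwd_line(const char *line) {
    char f[32];
    uint32_t id;
    for (int i = 2; i <= 3; i++)   /* field 2 = uid, field 3 = gid */
        if (passwd_field(line, i, f, sizeof f) || parse_id_strict(f, &id)) return 1;
    return 0;
}

int main(void) {
    const char *l = "toto:x:4294967296:4294967296:Fake root:/home/linus:/bin/bash";
    printf("wrapped uid=%u audit=%d\n", parse_id_truncating("4294967296"), audit_passwd_line(l));
    return 0;
}
```

Running `audit_passwd_line` over each line of a passwd source flags entries like the one above before any lookup can resolve them to uid 0.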