Bug#510635: glibc: 32 bits uid/gid overflow

To: Yannis Aribaud <bugs@d6bell.net>, 510635@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Bug#510635: glibc: 32 bits uid/gid overflow
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Sun, 4 Jan 2009 11:53:36 +0100
Message-id: <[🔎] 20090104105336.GB30438@hall.aurel32.net>
Reply-to: Aurelien Jarno <aurelien@aurel32.net>, 510635@bugs.debian.org
In-reply-to: <[🔎] 20090103224734.4510.64339.reportbug@minus>
References: <[🔎] 20090103224734.4510.64339.reportbug@minus>

forcemerge 483645 510635
thanks

On Sat, Jan 03, 2009 at 11:47:34PM +0100, Yannis Aribaud wrote:
> Package: libc6
> Version: 2.7-16
> Severity: normal
> File: glibc
> 
> 
> Hi,
> 
> I was working on setting nss-pgsql on my system when I discovered this bug.
> It seems that uid/gid use 32 bits integer and if a uid/gid is set bigger than (2^32)-1,
> their is an overflow.
> 
> For example I have done this:
> 
> # echo "toto:x:4294967296:4294967296:Fake root:/home/linus:/bin/bash" >> /etc/passwd
> 
> The result is:
> 
> # id toto
> uid=0(root) gid=0(root) groupes=0(root)
> 
> This could be a security break...

While I agree this bug should be fixed, I don't believe it is a security
break, given that no tools allow such values to be written to
/etc/passwd.

-- 
  .''`.  Aurelien Jarno	            | GPG: 1024D/F1BCDB73
 : :' :  Debian developer           | Electrical Engineer
 `. `'   aurel32@debian.org         | aurelien@aurel32.net
   `-    people.debian.org/~aurel32 | www.aurel32.net

Reply to:

References:
- Bug#510635: glibc: 32 bits uid/gid overflow
  - From: Yannis Aribaud <bugs@d6bell.net>

Prev by Date: r3206 - in glibc-package/branches/glibc-branch-etch/debian: . patches patches/localedata
Next by Date: Processed: bug 483645 is forwarded to http://sources.redhat.com/bugzilla/show_bug.cgi?id=9706
Previous by thread: Bug#510635: glibc: 32 bits uid/gid overflow
Next by thread: Bug#510635: marked as done (glibc: 32 bits uid/gid overflow)
Index(es):
- Date
- Thread