[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: passwd entry for uid -1

On Tue, Jun 05, 2001 at 04:27:21PM +0200, Robert Bihlmeyer wrote:
> > Nobody is just another user, though usually with special semantics.
> Hmm, all the security punduits continously preach that "nobody" was
> only meant as a no-rights-at-all target to map root to in NFS.
> "nobody" actually owning stuff is a big no-no.

As a matter of fact, as no valid uid maps to the Hurd nouser, this is not
only a big no-no, but an impossibility (without hexediting the filesystem).

> So I count that not as
> just another user. I'd actually wager that "nobody" was in fact an
> attempt to emulate the concept of an empty id set (or empty capability
> set) in Unix semantics.
> If that's correct, unifying them may be good. May be I'm missing
> something, though.

I see.

Will the following scenario work?

glibc is changed, so that "setuid(-1)" means: Drop all (effective?) user ids.
Change the nobody entry in the passwd file so that it lists -1 as uid.

This will make Unix programs which conventionally switch to user nobody very
safe (because they will run without any privileges).

If could make some tests in this direction...


`Rhubarb is no Egyptian god.' Debian http://www.debian.org brinkmd@debian.org
Marcus Brinkmann              GNU    http://www.gnu.org    marcus@gnu.org

Reply to: