Re: passwd entry for uid -1
On Tue, Jun 05, 2001 at 04:27:21PM +0200, Robert Bihlmeyer wrote:
> > Nobody is just another user, though usually with special semantics.
> Hmm, all the security punduits continously preach that "nobody" was
> only meant as a no-rights-at-all target to map root to in NFS.
> "nobody" actually owning stuff is a big no-no.
As a matter of fact, as no valid uid maps to the Hurd nouser, this is not
only a big no-no, but an impossibility (without hexediting the filesystem).
> So I count that not as
> just another user. I'd actually wager that "nobody" was in fact an
> attempt to emulate the concept of an empty id set (or empty capability
> set) in Unix semantics.
> If that's correct, unifying them may be good. May be I'm missing
> something, though.
Will the following scenario work?
glibc is changed, so that "setuid(-1)" means: Drop all (effective?) user ids.
Change the nobody entry in the passwd file so that it lists -1 as uid.
This will make Unix programs which conventionally switch to user nobody very
safe (because they will run without any privileges).
If could make some tests in this direction...
`Rhubarb is no Egyptian god.' Debian http://www.debian.org email@example.com
Marcus Brinkmann GNU http://www.gnu.org firstname.lastname@example.org