Date:      Tue, 01 May 2001 06:56:56 +0900
From:      Yoshihiro Koya <Yoshihiro.Koya@math.yokohama-cu.ac.jp>
To:        sheldonh@uunet.co.za
Cc:        Yoshihiro.Koya@math.yokohama-cu.ac.jp, freebsd-current@freebsd.org
Subject:   Re: A question about max_uid 
Message-ID:  <20010501065656R.koya@math.yokohama-cu.ac.jp>
In-Reply-To: <12411.988616150@axl.fw.uunet.co.za>
References:  <20010427001555G.koya@pluto.math.yokohama-cu.ac.jp> <12411.988616150@axl.fw.uunet.co.za>

Hello, 

From: Sheldon Hearn <sheldonh@uunet.co.za>
Subject: Re: A question about max_uid 
Date: Mon, 30 Apr 2001 09:35:50 +0200

> On Fri, 27 Apr 2001 00:15:55 +0900, Yoshihiro Koya wrote:
> 
> > Currently, I have nobody (uid = 65534) account as a default account on 
> > my box.  It might be easy to guess that the maximum is greater than
> > 65533.  My question is why such a restriction still remains.
> 
> From what I remember from my communication with Bruce Evans, the
> "restrictions" (mostly unenforced) in our tree are there to protect old
> software compiled to use 16-bit UID values.  By allowing unsigned 32-bit
> UID values in the system, you open the door for problems with software
> that uses smaller UID values.

Thanks for your reply.  
The following is extracted from /usr/src/usr.bin/chpass/field.c

> /* ARGSUSED */
> int
> p_uid(p, pw, ep)
> 	char *p;
> 	struct passwd *pw;
> 	ENTRY *ep;
> {
> 	uid_t id;
> 	char *np;
> 
> 	if (!*p) {
> 		warnx("empty uid field");
> 		return (1);
> 	}
> 	if (!isdigit(*p)) {
> 		warnx("illegal uid");
> 		return (1);
> 	}
> 	errno = 0;
> 	id = strtoul(p, &np, 10);
> 	if (*np || (id == ULONG_MAX && errno == ERANGE)) {
> 		warnx("illegal uid");
> 		return (1);
> 	}
> 	pw->pw_uid = id;
> 	return (0);
> }

The system already seems to allow the use of 32-bit UIDs.
Indeed, I can add a user with UID = 2147483647 = 0x7fffffff.

# chpass foo
/etc/pw.6mhYUR: 15 lines, 294 characters.
chpass: 2147483647 > recommended max uid value (65535)
chpass: updating the database...
pwd_mkdb: 2147483647 > recommended max uid value (65535)
chpass: done
# cat /etc/passwd | grep foo
foo:*:2147483647:20:some user:/tmp:/bin/csh

BTW, I would like to point out that the chpass command or the pwd_mkdb
command showed some strange behaviour, as follows:

# chpass foo
(I change the user foo's uid to 4294967295 =  0xffffffff here.)
/etc/pw.qVOUaT: 15 lines, 294 characters.
chpass: -1 > recommended max uid value (65535)
chpass: updating the database...
pwd_mkdb: -1 > recommended max uid value (65535)
chpass: done
# cat /etc/passwd | grep foo
foo:*:4294967295:20:some user:/tmp:/bin/csh
# cat /etc/master.passwd | grep foo
foo:*:-1:20::0:0:some user:/tmp:/bin/csh

It might be better to fix this if possible.
A user with a minus UID has potential problems, and
commands that allow such a minus UID are obviously wrong.

In addition, the above pwd_mkdb command tells me that
the recommended max uid value is 65535, which is
a 16-bit UID, and this value 65535 differs from the restricted value
of the pw command.
It might be better to unify such a recommended UID value on the
system.

Finally, I would like to mention my system on which I made 
the above tests.  The system is 

FreeBSD vaio.my.domain 5.0-20010112-SNAP FreeBSD 5.0-20010112-SNAP #4: Mon Feb 26 15:32:20 JST 2001     root@vaio.my.domain:/usr/src/sys/compile/vaio  i386

That system is somewhat old. But I guess that the current
source code of pw, chpass and pwd_mkdb isn't so far from
that on my system, maybe.  I cannot check the latest sources now
because I'm travelling.

Thanks for reading.

koya
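
Added example (not part of the original message and not FreeBSD's code): a stricter UID parser in C for the case shown above, where 4294967295 passes the strtoul check in p_uid and is then stored as -1. The name parse_uid_strict, the EX_UID_MAX limit and the sample inputs are assumptions made for this example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy for this example: UIDs are 32-bit, and 0xffffffff is
 * rejected because it equals (uid_t)-1, which chown(2) and setreuid(2)
 * read as "leave unchanged". */
#define EX_UID_MAX 0xfffffffeUL

/* Hypothetical helper: returns 0 and stores the UID, or -1 if rejected. */
int
parse_uid_strict(const char *s, uint32_t *out)
{
	char *end;
	unsigned long long v;

	if (s == NULL || !isdigit((unsigned char)*s))
		return (-1);		/* empty, signed, or non-numeric */
	errno = 0;
	/* Parse wider than the target type so 32-bit wraparound is visible. */
	v = strtoull(s, &end, 10);
	if (*end != '\0' || errno == ERANGE)
		return (-1);		/* trailing junk or overflow */
	if (v > EX_UID_MAX)
		return (-1);		/* would truncate or alias (uid_t)-1 */
	*out = (uint32_t)v;
	return (0);
}

int
main(void)
{
	/* Constructed inputs, including the two UIDs tried in the message. */
	const char *in[] = { "65534", "2147483647", "4294967295", "-1", "12x" };
	uint32_t uid;

	for (size_t i = 0; i < sizeof(in) / sizeof(in[0]); i++) {
		if (parse_uid_strict(in[i], &uid) == 0)
			printf("%-12s accepted as %lu\n", in[i], (unsigned long)uid);
		else
			printf("%-12s rejected\n", in[i]);
	}
	return (0);
}
```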
