Re: [PLUG] Yet another fresh linux exploit

I agree, it's not a practical problem, I suppose I am tinged with paranoia after doing security in a web hosting environment for so long.

Thanks

On Thu, Dec 6, 2018, 4:04 PM Fred Stluka <fred@bristle.com wrote:

Michael,

Is this a practical problem? That is, do many (any?) Linux systems
have UIDs greater than 2,147,483,646?. Do they use negative
numbers?

By default my Linux boxes typically have UIDs 0 to 499 for special
users, and 500 on up for regular users. But they count up from 500
by ones, so it would take a LONG time to get to UID 2,147,483,647.
I don't expect to ever admin a system that has over 2 BILLION past or
present users.

I agree it's a bug and should be fixed. But is there any real urgency
for this one? For example, is there some package I'm likely to add to
my system that creates UID that are huge or negative?

Thanks!
--Fred
------------------------------------------------------------------------
Fred Stluka -- Bristle Software, Inc. -- http://bristle.com
#DontBeATrump -- Make America Honorable Again!
------------------------------------------------------------------------

On 12/6/18 12:32 PM, Michael Lazin wrote:
> https://thehackernews.com/2018/12/linux-user-privilege-policykit.html
>
> --
> Michael Lazin
>
> to gar auto estin noein te kai ennai
>
>
> ___________________________________________________________________________
> Philadelphia Linux Users Group -- http://www.phillylinux.org
> Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
> General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug