Charlie Li on 6 Dec 2018 16:49:47 -0800
Re: [PLUG] Yet another fresh linux exploit
- From: Charlie Li <ml+PLUG@vishwin.info>
- To: plug@lists.phillylinux.org
- Subject: Re: [PLUG] Yet another fresh linux exploit
- Date: Thu, 6 Dec 2018 19:49:35 -0500
- Openpgp: preference=signencrypt
- Organization: PLUG mailing list
- Reply-to: Philadelphia Linux User's Group Discussion List <plug@lists.phillylinux.org>
- Sender: "plug" <plug-bounces@lists.phillylinux.org>
- User-agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:60.0) Gecko/20100101 Thunderbird/60.3.2
On 06/12/2018 16:04, Fred Stluka wrote:
> Is this a practical problem? That is, do many (any?) Linux systems
> have UIDs greater than 2,147,483,646? Do they use negative
> numbers?
>
> By default my Linux boxes typically have UIDs 0 to 499 for special
> users, and 500 on up for regular users. But they count up from 500
> by ones, so it would take a LONG time to get to UID 2,147,483,647.
> I don't expect to ever admin a system that has over 2 BILLION past or
> present users.
>
Not relevant to the question. You can start regular UID counting
anywhere you want really. We are in the open source world; we are better
than this.
Let's not even mention unspeakable actors that may have been exploiting
this for some time without telling anyone.
> I agree it's a bug and should be fixed. But is there any real urgency
> for this one? For example, is there some package I'm likely to add to
> my system that creates UIDs that are huge or negative?
>
You may end up "needing" to run a daemon that solves a problem or does
something you need. Many times daemons run as their own UID and GID;
sometimes they're even codified. Unbeknownst to you, there's some
runtime checking that specifically checks for a specific UID or GID. If
that program asks for a UID or GID greater than 32 bits, and you had no
idea about this kind of underlying system flaw, well?
--
Charlie "the speed of light is a physical constant" Li
(This email address is for mailing list use only; replace local-part
with vishwin for off-list communication)
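
A defender-side check for the situation discussed in this thread, as an added example that is not part of the original message: it scans passwd-format input for UIDs and GIDs above a limit and shows how each would read as a signed 32-bit integer. The function names, the sample entries and the default limit (the 2,147,483,646 figure quoted in the thread) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit passwd-format entries for
# UIDs/GIDs above a limit and show each value as a signed 32-bit integer.

# audit_passwd_ids FILE [LIMIT]   (FILE may be "-" for stdin)
# Prints one finding per line: name field id signed32
# LIMIT defaults to 2147483646, the figure quoted in the thread (assumption).
audit_passwd_ids() {
    awk -F: -v limit="${2:-2147483646}" '
        function check(field, id,    signed) {
            if (id !~ /^[0-9]+$/) {           # negative or non-numeric text
                printf "%s %s %s invalid\n", $1, field, id
                return
            }
            if (id + 0 <= limit + 0) return
            # Same 32-bit pattern reinterpreted as a signed integer.
            if (id + 0 > 4294967295)       signed = "out-of-range"
            else if (id + 0 >= 2147483648) signed = sprintf("%.0f", id - 4294967296)
            else                           signed = id
            printf "%s %s %s %s\n", $1, field, id, signed
        }
        /^[ \t]*$/ || /^#/ { next }          # skip blank lines and comments
        NF < 7 { printf "line%d malformed - -\n", NR; next }
        { check("uid", $3); check("gid", $4) }
    ' "$1"
}

# Constructed sample entries (not real accounts), for an offline run.
constructed_sample() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
svc-big:x:4000000000:4000000000:constructed daemon:/nonexistent:/usr/sbin/nologin
edge:x:2147483647:100:edge:/nonexistent:/usr/sbin/nologin
neg:x:-2:100:negative text:/nonexistent:/usr/sbin/nologin
EOF
}

# Demo on the constructed sample; on a real host: audit_passwd_ids /etc/passwd
constructed_sample | audit_passwd_ids -
```

Running `getent passwd | audit_passwd_ids -` instead also covers accounts that come from directory services rather than the local file.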
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug