[OpenAFS-devel] Re: [OpenAFS] pagsh and big uid with linux
Hartmut Reuter
reuter@rzg.mpg.de
Tue, 15 Jan 2002 15:51:00 +0100
The problem is the struct cred_t in src/afs/LINUX/osi_mach_dep.h where
the uid
and gid fields are unsigned short. Before and after the setpag system
call data get copied into this credential and later copied back again.
This is where the high order 16 bits are lost!
I changed these fields to uid_t and gid_t and it works corrcetly.
Hartmut Reuter
=
Stefan Reimbold schrieb:
> =
> Hi All,
> =
> I'm using SuSE 7.2 with kernel version 2.4.4-4GB. After installing
> openafs-1.2.2a I discovered a problem with pagsh and big uids.
> =
> Users who have UIDs bigger then 65535 get their UIDs mapped to (UID%655=
35).
> These can leed to unauthorized root access as shown in the following
> example.
> =
> % id
> uid=3D65536(test) gid=3D100(users) Gruppen=3D100(users)
> % pagsh
> % id
> uid=3D0(root) gid=3D100(users) Gruppen=3D33807,41162,100(users)
> =
> The groups seem to be mangled to, so I assume there's a type for the UI=
D to
> small, so the field for GID gets overwritten.
> =
> I tested this on AIX as well and on AIX it is ok. So it seems to be a
> problem with the linux AFS kernel module.
> =
> Best Regards -- Mit freundlichen Gr=FC=DFen...Stefan Reimbold
> =
> _______________________________________________
> OpenAFS-info mailing list
> OpenAFS-info@openafs.org
> https://lists.openafs.org/mailman/listinfo/openafs-info
-- =
-----------------------------------------------------------------
Hartmut Reuter e-mail reuter@rzg.mpg.de
phone +49-89-3299-1328
RZG (Rechenzentrum Garching) fax +49-89-3299-1301 =
Computing Center of the Max-Planck-Gesellschaft (MPG) and the
Institut fuer Plasmaphysik (IPP)
-----------------------------------------------------------------