Path: utzoo!utgpu!jarvis.csri.toronto.edu!mailrus!ukma!rutgers!cbmvax!grr From: grr@cbmvax.UUCP (George Robbins) Newsgroups: comp.unix.ultrix Subject: Re: Bug in subroutine putpwent(Ultrix 3.0) Message-ID: <7430@cbmvax.UUCP> Date: 25 Jul 89 03:42:57 GMT References: <1418@rivm05.UUCP> Reply-To: grr@cbmvax.UUCP (George Robbins) Organization: Commodore Technology, West Chester, PA Lines: 51 In article <1418@rivm05.UUCP> ccea3@rivm.UUCP (Adri Verhoef) writes: > putpwent() doesn't work the way it should. > Negative user-IDs and group-IDs show up as long integers > with the following piece of code: > > while (pwent = getpwent()) { > fprintf(stderr, "%d\n", (int) pwent->pw_uid); > putpwent(pwent, stdout); > } > > In this way, > nobody:Nologin:-2:-2:anonymous NFS user:/: > > willl show up as: > -2 > nobody:Nologin:4294967294:4294967294:anonymous NFS user:/: > > > Should I: > 1) Remove all users with negative IDs (i.e. "nobody") from the password file? > 2) Have the negative IDs changed into positive values? > 3) Obtain a good and new version of putpwent()? > 4) Patch the library (change %d:%d:%u:%u:%s:%s:%s into %s:%s:%d:%d:%s:%s:%s)? > 5) [You name it] Arghh! Whatever you do, do it carefully, as there were alledgedly *Sun* security bugs associated with not having an account in /etc/passwd that the "nobody" accounts mapped to. It's always possible that some analog of these problems might show up in Ultrix. The "official" version seems to be drifting towards the notion that uid's and gid's are really supposed to be unsigned short's, however that's unlikely work directly on systems using the sun derived kludge. > This version seems to be: > putpwent.c 4.1 (ULTRIX) 11/23/87 Note that none of the system software actually uses putpwent, it's apparently the creation of some Sun completist. The format string used in /bin/passwd and the Sun version of putpwent is the predictable: %s:%s:%d:%d:%s:%s:%s\n What to do? Maybe file an SPR and then go ahead and use a printf() instead of a do-nothing routine... The %u is definitely wrong in the current environment, and useless or worse. -- George Robbins - now working for, uucp: {uunet|pyramid|rutgers}!cbmvax!grr but no way officially representing arpa: cbmvax!grr@uunet.uu.net Commodore, Engineering Department fone: 215-431-9255 (only by moonlite)