Path: utzoo!attcan!uunet!auspex!guy
From: guy@auspex.UUCP (Guy Harris)
Newsgroups: comp.unix.wizards
Subject: Re: Re: The Internet Virus--Another issue
Message-ID: <716@auspex.UUCP>
Date: 15 Dec 88 02:35:17 GMT
References: <17849@glacier.STANFORD.EDU> <4470010@hpindda.HP.COM> <1026@ccnysci.UUCP> <6624@csli.STANFORD.EDU> <66@titania.warwick.ac.uk>
Reply-To: guy@auspex.UUCP (Guy Harris)
Organization: Auspex Systems, Santa Clara
Lines: 20

>If you've got an inetd.conf that takes a user to run the daemon as, I would
>also be careful about using users with -ve uids, someone said this can cause
>the daemon to get run as root when e.g. setuid(-2) fails (setuid expecting a
>0 <= number < 2^16).

It seems to work under SunOS 4.0; the "pw_uid" field for the user is
cast to "uid_t", which is "unsigned short", the net result being that it
passes 65534 rather than -2 to "setuid".

You do get some crap from "/usr/etc/sa" when it's run by "cron", but you
can filter that out by changing the "crontab" line to

    15 0 * * * /usr/etc/sa -s 2>&1 >/dev/null |
        egrep -v '^Preposterous user id, 65534: ignored$'

(NOTE: the line is split because it's long - I don't think "cron"
supports that sort of stuff, so don't enter it like that; join those two
lines into one).

A future release will probably join the rest of the world and make UIDs
unsigned, so that "nobody" will become 65534.
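
The cast and the failure mode discussed above, as an added example that is not part of the original post. It assumes a 16-bit unsigned uid type and uses a simulated, hypothetical `sim_setuid` (range check 0 <= uid < 2^16) so it runs unprivileged; `cast_pw_uid`, `drop_unchecked` and `drop_checked` are illustrative names.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumption: a 16-bit unsigned uid type, like the "unsigned short" uid_t
 * the post describes for SunOS 4.0. */
typedef uint16_t uid16_t;

/* The cast from the post: a passwd uid of -2 wraps modulo 2^16. */
uid16_t cast_pw_uid(int pw_uid) { return (uid16_t)pw_uid; }

/* Simulated process uid (0 = root) so the example runs unprivileged. */
static long sim_uid = 0;

/* Hypothetical stand-in for a setuid() that enforces 0 <= uid < 2^16. */
int sim_setuid(long uid) {
    if (uid < 0 || uid >= 65536L) return -1;   /* out of range: refuse */
    sim_uid = uid;
    return 0;
}

/* Careless drop: return value ignored, so a failure leaves uid 0.
 * Returns the uid the "daemon" would go on to run as. */
long drop_unchecked(long uid) {
    sim_uid = 0;                 /* start as root, as inetd would */
    (void)sim_setuid(uid);
    return sim_uid;
}

/* Careful drop: 0 only if the call succeeded and we are no longer root;
 * on -1 the caller must exit rather than start the service. */
int drop_checked(long uid) {
    sim_uid = 0;                 /* start as root, as inetd would */
    if (sim_setuid(uid) != 0) return -1;
    if (uid != 0 && sim_uid == 0) return -1;
    return 0;
}

int main(void) {
    printf("cast of -2 -> %u\n", (unsigned)cast_pw_uid(-2));
    printf("unchecked setuid(-2) runs as uid %ld\n", drop_unchecked(-2));
    printf("checked setuid(-2) -> %d\n", drop_checked(-2));
    int rc = drop_checked(cast_pw_uid(-2));
    printf("checked setuid(cast) -> %d, uid %ld\n", rc, sim_uid);
    return 0;
}
```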