| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 2 Aug 2013 15:20:07 -0500 From: Nico Williams <nico@...ptonector.com> To: Jeff Layton <jlayton@...hat.com> Cc: David Howells <dhowells@...hat.com>, keyrings@...ux-nfs.org, "Eric W. Biederman" <ebiederm@...ssion.com>, simo@...hat.com, "Serge E. Hallyn" <serge.hallyn@...ntu.com>, linux-nfs@...r.kernel.org, krbdev@....edu, linux-kernel@...r.kernel.org Subject: Re: [PATCH 2/2] KEYS: Add per-user_namespace registers for persistent per-UID kerberos caches On Fri, Aug 2, 2013 at 8:55 AM, Jeff Layton <jlayton@...hat.com> wrote: > Isn't it possible to have a valid uid of (unsigned int)-1? I know that > at least some sites use that for "nobody". Why not just require passing > in the correct UID? POSIX requires valid UIDs to be non-nengative. POSIX does not require uid_t to be signed or unsigned. POSIX does make use of (uid_t)-1 as a sentinel (e.g., in setreuid(2)). (uid_t)-1 is special. Do not use it. As an aside, note that on Solaris 10 and less uid_t was signed, so UIDs 2^31..2^32-2 were unusable. Interop with S10 and less requires that you not use such UIDs. Ditto gid_t and GIDs. Also note that in Solaris 11 uid_t is unsigned BUT the range of UIDs 2^31..2^32-2 is still reserved (for automatic, on-demand, non-persistent allocation for ID mapping purposes). Interop with S11 requires that you not use such UIDs. Ditto gid_t and GIDs. Nico -- -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists