From khera@kciLink.com  Tue May 15 08:11:27 2001
Return-Path: <khera@kciLink.com>
Received: from yertle.kciLink.com (yertle.kcilink.com [216.194.193.105])
	by hub.freebsd.org (Postfix) with ESMTP id 0DB1637B423
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 15 May 2001 08:11:27 -0700 (PDT)
	(envelope-from khera@kciLink.com)
Received: from onceler.kciLink.com (onceler.kciLink.com [216.194.193.106])
	by yertle.kciLink.com (Postfix) with ESMTP id 3A6E72E460
	for <FreeBSD-gnats-submit@freebsd.org>; Tue, 15 May 2001 11:11:26 -0400 (EDT)
Received: (from khera@localhost)
	by onceler.kciLink.com (8.11.3/8.11.3) id f4FFBQZ86350;
	Tue, 15 May 2001 11:11:26 -0400 (EDT)
	(envelope-from khera)
Message-Id: <200105151511.f4FFBQZ86350@onceler.kciLink.com>
Date: Tue, 15 May 2001 11:11:26 -0400 (EDT)
From: <khera@kciLink.com>
Reply-To: khera@kciLink.com
To: FreeBSD-gnats-submit@freebsd.org
Cc:
Subject: ports/security/liedent uses incorrect "nobody" uid
X-Send-Pr-Version: 3.113
X-GNATS-Notify:

>Number:         27336
>Category:       ports
>Synopsis:       lident uses wrong UID
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    wes
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Tue May 15 08:20:01 PDT 2001
>Closed-Date:    Sun May 20 09:07:53 PDT 2001
>Last-Modified:  Sun May 20 09:10:04 PDT 2001
>Originator:     Vivek Khera
>Release:        FreeBSD 4.3-STABLE i386
>Organization:
>Environment:
System: FreeBSD onceler.kciLink.com 4.3-STABLE FreeBSD 4.3-STABLE #3: Wed May 2 13:09:53 EDT 2001 khera@yertle.kciLink.com:/u/yertle2/usr.obj/amd/onceler/u/onceler1/usr/src/sys/ONCELER i386

ports updated yesterday.
	
>Description:
	

liedent runs with fixed UID of 32767 instead of the current "nobody"
uid of 65534.

>How-To-Repeat:
	

install and run the daemon.

>Fix:

	
add this patch to the port:

--- liedentd-1.0/#liedentd.c~	Tue May 15 11:04:51 2001
+++ liedentd-1.0/liedentd.c	Tue May 15 11:04:51 2001
@@ -45,7 +45,7 @@
 #include <unistd.h>
 
 #define IDENT_PORT 113
-#define NOBODY 32767
+#define NOBODY 65534
 
 char *pname;
 
>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-ports->wes 
Responsible-Changed-By: ijliao 
Responsible-Changed-When: Fri May 18 09:07:15 PDT 2001 
Responsible-Changed-Why:  
over to maintainer 

http://www.FreeBSD.org/cgi/query-pr.cgi?pr=27336 
State-Changed-From-To: open->closed 
State-Changed-By: wes 
State-Changed-When: Sun May 20 09:07:53 PDT 2001 
State-Changed-Why:  
The userid chosen for liedentd is a generic portable UID that works 
on systems where uid_t is a signed short.  If I had wanted the 
system's idea of "nobody" I would have used getpwnam to obtain in, 
but that can be DoS'ed in a YP or other distributed management 
environment.  All that is required is a unprivileged UID that is 
not likely to conflict with a user account.  Something in the 20s 
or 30s might be a better choice. 


http://www.FreeBSD.org/cgi/query-pr.cgi?pr=27336 
>Unformatted:
