Red Hat Bugzilla – Bug 233589
inserting a letter in "UID Number" fileld gives user a root privileges
Last modified: 2007-03-23 10:55:05 EDT
Description of problem:
I have Linux (RHEL 4) box which uses FDS for storing users/passwds. I create a
new user in Admin console, give him a username and password and enter some
*text* in the "UID number" field (f.e. "testuser") on Posix account tab and save.
Go to Linux box and try to login with new user and I get a root privileges on
Version-Release number of selected component (if applicable):
Tried twice on FDS workshop, both times successfuly
Steps to Reproduce:
I think this is an operating system thing - pam_ldap and/or nss_ldap should
refuse to use an invalid uid number. That is, in this case, FDS is merely the
storage for the uid value - it doesn't actually do any enforcement, it just
gives that value back to pam/nss.
What happens if you edit /etc/passwd and put a textual uid number in the uid
> What happens if you edit /etc/passwd and put a textual uid number in the uid
If i change my /etc/passwd from:
it says: "Login incorrect" and I can't login.
Then it must be a bug in pam_ldap or nss_ldap - they should cause the same error.