oss-sec mailing list archives
Re: systemd fails to parse user that should run service
From: Eric Blake <eblake () redhat com>
Date: Wed, 5 Jul 2017 09:37:32 -0500
On 07/05/2017 03:50 AM, Pali Rohár wrote:
> There are basically two problems:
>
> 1) In more Linux distributions useradd tool allow to create a new user which starts with digit. Also according to POSIX such a user name is valid. This means that valid user name (for some Linux distributions) from /etc/passwd specified in systemd unit file results in running service as root user.

In fact, it is possible to create a username of '0' which is a non-root user. GNU Coreutils has several tools that support a lookup of '+0' to force a numeric uid interpretation (get information related to uid 0, regardless of whether there is also a username "0"), while omitting the leading + does a username lookup first then falls back to a uid, since leading + is not a valid POSIX username start character.

-- 
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
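
The lookup order described in the message above, as an added example that is not part of the original post and is not code from GNU Coreutils or systemd: a leading `+` forces numeric interpretation, otherwise a name match wins and a number is only a fallback. The account table, `resolve_user`, `parse_uid` and the choice to return -1 so the caller refuses to run (rather than defaulting to uid 0) are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed account table standing in for /etc/passwd (not real data). */
struct acct { const char *name; long uid; };
static const struct acct ACCTS[] = {
    { "root", 0 }, { "daemon", 1 }, { "0", 1001 }, { "0day", 1002 },
};

/* Parse the whole string as a non-negative decimal uid; -1 on any error. */
static long parse_uid(const char *s)
{
    char *end;
    if (*s < '0' || *s > '9')           /* rejects "", sign, whitespace */
        return -1;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno != 0 || *end != '\0' || v > 2147483647L)  /* sketch bound */
        return -1;
    return v;
}

/* Resolve a user spec to a uid. -1 means "unresolvable": the caller must
 * refuse to start the service, never fall back to a default such as 0. */
long resolve_user(const char *spec)
{
    if (spec == NULL || *spec == '\0')
        return -1;
    if (*spec == '+')                   /* "+N": numeric uid only */
        return parse_uid(spec + 1);
    for (size_t i = 0; i < sizeof ACCTS / sizeof ACCTS[0]; i++)
        if (strcmp(ACCTS[i].name, spec) == 0)
            return ACCTS[i].uid;        /* a name match wins over a number */
    return parse_uid(spec);             /* no such name: numeric fallback */
}

int main(void)
{
    const char *specs[] = { "0", "+0", "0day", "7", "9lives", "+0day" };
    for (size_t i = 0; i < sizeof specs / sizeof specs[0]; i++)
        printf("%-7s -> %ld\n", specs[i], resolve_user(specs[i]));
    return 0;
}
```
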