Subject: Re: gen usr AS root with YP
To: None <Lloyd.Parkes@vuw.ac.nz, thorpej@nas.nasa.gov>
From: Paul Kranenburg <pk@cs.few.eur.nl>
List: tech-userlevel
Date: 11/21/1996 12:13:49

> - I agree that it's a potentially hazardous situation to allow
> uid 0 (or gid 0) in passwd file YP inclusions.
>
> - I hesitate to disallow uid 0 (or gid 0) in the C library, since
> it's conceivable that someone might actually _want_ to do that
> (certainly, that's the case with gid 0).
>
I agree, policies should not be implemented in libc.

> So, given that I don't want to do what I consider breaking the C library, I'll
> add a warning to pwd_mkdb to emit a warning to stderr if an inclusion with
> uid 0 or gid 0 is encountered.

I guess something like this should do the trick:

diff -r1.7 pwd_mkdb.c
190a191,197
> if(pwd.pw_name[0] == '+') {
> if (!(flags & _PASSWORD_NOUID) && pwd.pw_uid == 0)
> warnx("line %d: Superuser override in YP inclusion", cnt);
> if (!(flags & _PASSWORD_NOGID) && pwd.pw_gid == 0)
> warnx("line %d: Wheel override in YP inclusion", cnt);
> }
>
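
Review bot: the outer test `if(pwd.pw_name[0] == '+')` lacks the space after `if` that the two inner `if (` lines use; write it as `if (pwd.pw_name[0] == '+') {` so the hunk is consistent. Both warnx() calls report only the line number `cnt`; adding `pwd.pw_name` to the format string would show which inclusion entry carries uid 0 or gid 0 without having to open the file. Because warnx() only prints and returns, the entry is still processed with the override in place, which matches the intent stated in the thread, but that behaviour should be mentioned in the pwd_mkdb manual page so the warning is not mistaken for a rejection.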